I'm new to the 5505 and to configuring them. I have a number of books and the web as research tools; however, I have not wrapped my head around the whole thing. I'm better at reverse engineering than initial config. I'm trying to terminate remote access PPTP VPN connections on my inside Win 2012 RRAS server. I know I need to allow GRE and PPTP 1723 through, as well as port forward 1723 to the Win 2012 inside IP. Exactly how this is done in config is where I lose it, unfortunately. Below is my config, and if there's anyone who can literally spell it out for me I would be ever appreciative. Thanks in advance. Please note that I had gone through the IPSec and AnyConnect wizards in the ASDM and there is config in there for that; however, it did not work, and I would prefer to use the Win 2012 RRAS server for PPTP, as client workstations are already configured for it. Additionally, I am restricted to one public IP by my ISP.
ASA Version 8.2(5)
hostname ciscoasa
enable password uXZJvr7TNDFcspD4 encrypted
passwd uXZJvr7TNDFcspD4 encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/7
switchport access vlan 5
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif exterior
security-level 0
ip address 1.exterior.ip.1 255.255.255.0
interface Vlan5
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
access-list domainVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.224 255.255.255.248
pager lines 24
logging asdm informational
mtu exterior 1500
mtu inside 1500
mtu dmz 1500
ip local pool VPN_IP_Pool 192.168.1.225-192.168.1.230 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (exterior) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route exterior 0.0.0.0 0.0.0.0 1.exterior.gateway.ip.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface exterior
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
crypto isakmp enable exterior
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 10
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config exterior
dhcpd address 192.168.1.5-192.168.1.254 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable exterior
svc enable
group-policy domainVPN internal
group-policy domainVPN attributes
wins-server value 1.inside.dc.ip.1 1.inside.dc2.1
dns-server value 1.inside.dc.ip.1 1.inside.dc2.1
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value domainVPN_splitTunnelAcl
default-domain value area.native
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username username password 6phXKPxOcSDjp7J7 encrypted privilege 0
username username attributes
vpn-group-policy domainVPN
tunnel-group domainVPN type remote-access
tunnel-group domainVPN general-attributes
address-pool VPN_IP_Pool
default-group-policy domainVPN
tunnel-group domainVPN ipsec-attributes
pre-shared-key *****
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_IP_Pool
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
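
One way to publish the RRAS server through the single public address on ASA 8.2(5), as an added example that is not part of the original post. 192.168.1.10 is a placeholder for the Win 2012 server's inside address and outside_access_in is an assumed ACL name; the interface name exterior and the global_policy policy map are taken from the config above.

```cisco
! Added example, not from the original post.
! Assumptions: 192.168.1.10 = RRAS server inside IP (placeholder; give the
! server a fixed address that the dhcpd range 192.168.1.5-254 will not hand
! out), outside_access_in = assumed ACL name.

! Static PAT: TCP 1723 arriving on the exterior interface address is
! forwarded to the RRAS server. Only this one port is exposed.
static (inside,exterior) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255

! On 8.2 (pre-8.3 NAT) the ACL matches the translated, public address,
! which here is the exterior interface itself.
access-list outside_access_in extended permit tcp any interface exterior eq 1723
access-group outside_access_in in interface exterior

! PPTP inspection tracks the TCP 1723 control channel and dynamically
! creates the GRE connections and translations for the data session,
! which is what lets GRE work behind a single PAT address.
policy-map global_policy
 class inspection_default
  inspect pptp

! Checks after a client attempts to connect
show access-list outside_access_in
show conn port 1723
```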