Tag Archives: asa

Allowing tracert in Cisco ASA firewall

I was under impression that allowing icmp in the service policy will enable tracert to work. I was wrong. After scouting around I found below tweaks that will enable tracert to run correctly. 1. Set decrement TTL ASA# configure terminal ASA(config)# policy-map global_policy ASA(config-pmap)# class class-default ASA(config-pmap-c)# set connection decrement-ttl ASA(config-pmap-c)# exit 2. Permit icmp… Read More »

Microsoft VPN PPTP client through Cisco ASA Firewall

Scenario: Using Microsoft Windows built in VPN Client to connect to remote PPTP VPN server through Cisco ASA firewall. Symptom: Error 619 Solution: In ASA Firewall, enter below command. ASA-active#conf t ASA-active(config)#policy-map global_policy ASA-active(config-pmap)# class inspection_default ASA-active(config-pmap-c)#inspect pptp ASA-active(config-pmap-c)#exit ASA-active(config)#access-list $Inbound_Interface_ACL permit gre $source_ip/network any ASA-active(config)#access-list $Inbound_Interface_ACL permit permit tcp $source_ip/network any eq pptp Common… Read More »