Trouble setting up incoming VPN in Microsoft SBS 2008 through a Cisco ASA 5505 appliance
- by Nils
I have replaced an aging firewall (custom setup using Linux) with a Cisco ASA 5505 appliance for our network. It's a very simple setup with around 10 workstations and a single Small Business Server 2008.
Setting up incoming ports for SMTP, HTTPS, remote desktop etc. to the SBS went fine - they are working like they should.
However, I have not succeeded in allowing incoming VPN connections. The clients trying to connect (running Windows 7) are stuck with the "Verifying username and password..." dialog before getting an error message 30 seconds later.
We have a single external, static IP, so I cannot set up the VPN connection on another IP address.
I have forwarded TCP port 1723 the same way as I did for SMTP and the others, by adding a static NAT route translating traffic from the SBS server on port 1723 to the outside interface.
In addition, I set up an access rule allowing all GRE packets (src any, dst any).
I have figured that I must somehow forward incoming GRE packets to the SBS server, but this is where I am stuck.
I am using ADSM to configure the 5505 (not console).
Any help is very much appreciated!