Cisco ASA Route-based Site-to-Site VPN to Azure

prerequirements: ASA software 9.8.1 (I have tested 9.8.2)

Azure configuration:
add a Virtual network gateway to you azure subnet, I use basic, then adding a connection to the gateway like this:

ASA configuration

Configure VPN interface:

Configure static route to azure networks:



Key Not Valid for Use in Specified State error installing Anyconnect

If you get this error upon trying to install Cisco Anyconnect:
Key Not Valid for Use in Specified State

Danish translation:
Nøglen er ikke gyldig for anvendelse i den angivne tilstand.

Do the following:

Move the folder RSA from

C:\Users\AppData\Roaming\Microsoft\Crypto\RSA to say C:\RSA (just in case there should be a need to restore it) then try installing again.
This folder appears to act as a cache and should be rebuilt automatically as required.


Cisco ASA 8.4 Port Forwarding (Pat/Nat) ASDM

Cisco ASA 8.4 Port Forwarding Port 25 with ASA 8.4 with ASDM

Step 1. Open ASDM and jumb to Configuration mode:

Step 2. Click Add, choose Network Object… (Found in the Right side panel)

Step 3.
Ip address: type the Inside ipaddress of the pc/server
check Add Automatic Address Translation Rules
Type: static
Translated Addr: choose the WAN interface (default it is outside)
Click Advanced

Step 4.
Souce Interface: Choose the interface which the pc/server is connected
Destination Interface: Choose the WAN interface (default it is outside)
Protocol: tcp
Real Port and Mapped Port: Type smtp og the port nummer your want to open

Step 5. Create a Access Rule, click Add, and choose Add Access Rule…

Step 6.
Interface: Outsite
Action: Permit
Source: Any
Destination: The object we just created

Allow PPTP traffic through ASA

Insert the following in the configuration:

class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
service-policy global_policy global