Unanswered Question
Mar 25th, 2008

Hi All,

Actually the real title is "Understanding Bridging" but I typed "Bridging" instead to appeal more :). Please correct the misunderstandings and confirm the facts in the following part of my question.

What I want to achieve is simple and I can do it easily with the documentation. I want my ASA outside interface to get the public IP assigned by the ISP. Since the ASA cannot terminate serial links, we need a router, and it should not be in router mode ("no ip route") and should be a bridge.

As far as I know, there are two types of bridging. One is "pure bridging" as defined in RFC 1483, and one is called "DHCP spoofing", but I don't know the real term here.

According to my research, I should configure VPDN in the ASA for the username and password if I apply "pure bridging". So the first question is:

1) In which serial termination scenarios can this be applied? xDSL? T1? Or every connection that must input a username and password? What are these connection types? What is the relation with PPPoE and PPPoA here?

2) In the ASA, can I manually enter the IP address and default route instead of using "ip outside pppoe setroute"? If yes, can I learn my public subnet mask and default route with any show commands, instead of calling my ISP? Just like ipconfig /all in Windows :)

While answering questions of people in the forum, I see many configurations that have the public IP at the outside interface of the ASA, but do not contain any VPDN configuration. And the questions are:

3) What type of serial terminations at the router that the outside int of the ASA is directly connected to can be applied this way, without specifying passwords? This can't be achieved in xDSL?


In DHCP spoofing, the router also takes care of applying the username and password, and the only thing that the ASA does is have the public IP. If this is correct, how is that applied? Because I can't see a username or password in RFC 1483. Do you have an RFC link for this?

Thanks for your time on reading this, and for your inputs.

Paolo Bevilacqua Tue, 03/25/2008 - 16:46

Hi Husy,

Sorry if I don't answer all your many questions. The juice of the thing is this: if you have xDSL, and the ISP is using either "bridged 1483" or "PPPoE", then you can bridge and have the ASA get a public address. In all the other cases, you can't, and the ASA will have to settle for NAT behind the router.

Speaking of which, remember that everything the ASA does, the router does too, differently perhaps, but it does.

husycisco Wed, 03/26/2008 - 12:28

Hi Paolo

Thanks a lot for your valuable input. I don't expect my questions to be answered correctly and officially, I just want to hear from experts like you about your opinions.

Any input from experts reading this thread is much appreciated.


