Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AT&T U-Verse and VPN

So AT&T has forced me to switch from their standard DSL to the new U-Verse.......  So far things have been less than fun.

 

My set up was this.

5505 set up to establich PPOE connection.  This 5505 then created a VPN to different office.  Staff could surf the web and connect to a data server at a different office.

 

However with the new U-Verse PPOE is no longer a thing.....
SO I have set the new modem from AT&T to a passthrough mode.  Which according to the AT&T staff I spoke with is similar to bridge mode.


AT&T Modem............................5505..............switch..................office 1 computers

 

IF I connect a pc directly to the AT&T Modem I can of course connect to the web.  HOWEVER connecting the computer to the switch NOTHING works...


I have removed the PPOE settings and switched to a Static Settings using one of the static IP I have from AT&T.

Here is my set up but what am I missing to make this connection happen again???

Thanks for the help!!

 

 

ASA Version 8.2(1)
!
hostname ciscoasa
enable password el1z3eLCEgbKqm7k encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.40.1 255.255.255.0
!
interface Vlan11
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 11
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 208.67.222.222
 name-server 208.67.220.220
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 105 extended permit ip 192.168.40.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat extended permit ip 192.168.40.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging history errors
logging asdm informational
logging mail warnings
logging from-address test@test.com
logging recipient-address test@test.com level errors
mtu inside 1500
mtu outside 1492
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.40.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.40.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set Han esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 40 match address 105
crypto map outside_map 40 set peer 222.222.222.222
crypto map outside_map 40 set transform-set Han
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.40.5-192.168.40.50 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
!
 
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
tunnel-group 222.222.222.222 type ipsec-l2l
tunnel-group 222.222.222.222ipsec-attributes
 pre-shared-key *
!
class-map ispection_default
 match default-inspection-traffic
!
!
policy-map global_policy
policy-map type inspect dns preset_dns-map
 parameters
  message-length maximum 512
!
prompt hostname context
Cryptochecksum:d3b678a6d2d04ec3ea1a28ba7b09d115
: end
no asdm history enable
Everyone's tags (2)
1 REPLY
New Member

Hello Toddy, Can you check

Hello Toddy,

 

Can you check into this route route outside 0.0.0.0 0.0.0.0 192.168.40.1, the route should be the ISP ip address ( next hop ), on the same network as the outside interface.

Probably your ASA is not able to ping the internet but as soon as the ASA reaches the outside world you should be to get internet access on your computer,because the config for that looks fine. 

Regards,

Laura

2527
Views
0
Helpful
1
Replies