Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AT&T U-Verse and VPN

So AT&T has forced me to switch from their standard DSL to the new U-Verse.......  So far things have been less than fun.


My set up was this.

5505 set up to establich PPOE connection.  This 5505 then created a VPN to different office.  Staff could surf the web and connect to a data server at a different office.


However with the new U-Verse PPOE is no longer a thing.....
SO I have set the new modem from AT&T to a passthrough mode.  Which according to the AT&T staff I spoke with is similar to bridge mode.

AT&T 1 computers


IF I connect a pc directly to the AT&T Modem I can of course connect to the web.  HOWEVER connecting the computer to the switch NOTHING works...

I have removed the PPOE settings and switched to a Static Settings using one of the static IP I have from AT&T.

Here is my set up but what am I missing to make this connection happen again???

Thanks for the help!!



ASA Version 8.2(1)
hostname ciscoasa
enable password el1z3eLCEgbKqm7k encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address
interface Vlan11
 nameif outside
 security-level 0
 ip address
interface Ethernet0/0
 switchport access vlan 11
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list 105 extended permit ip
access-list nonat extended permit ip
pager lines 24
logging enable
logging history errors
logging asdm informational
logging mail warnings
logging from-address
logging recipient-address level errors
mtu inside 1500
mtu outside 1492
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set Han esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 40 match address 105
crypto map outside_map 40 set peer
crypto map outside_map 40 set transform-set Han
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address inside
dhcpd dns interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group type ipsec-l2l
 pre-shared-key *
class-map ispection_default
 match default-inspection-traffic
policy-map global_policy
policy-map type inspect dns preset_dns-map
  message-length maximum 512
prompt hostname context
: end
no asdm history enable
Everyone's tags (2)
New Member

Hello Toddy, Can you check

Hello Toddy,


Can you check into this route route outside, the route should be the ISP ip address ( next hop ), on the same network as the outside interface.

Probably your ASA is not able to ping the internet but as soon as the ASA reaches the outside world you should be to get internet access on your computer,because the config for that looks fine.