851 Views, 0 Helpful, 5 Replies

cisco pix help isp change

harrisgirls (Level 1)

Hello,

Just moved ISPs today, tested on a Netgear router and all good. Now I want to put my Cisco firewall back into action, and I have a problem.

Netgear DG834 in modem mode > Cisco PIX 515

I've set the outside port as:

Use PPPoE > entered DSL username\password > PPP > IP Address and Route Settings are set to "Obtain IP Address using PPPoE" and checked "Obtain default route using PPPoE"

I've changed the DNS servers to the ISP's, but the log on the firewall is coming back as:

PPPoE:PPP link down: peer terminated

PPPoE:PPP Link down

Note: the public static IP is assigned via DHCP (reserved).

Anyone have any ideas?

5 Replies

jocamare (Level 4)

Confused.

Using PPPoE or DHCP?

Have the modem working in bridge mode.

My static IP is assigned by DHCP but reserved. Tonight I managed to put the Netgear DG834 into modem mode and connect it up to a Netgear firewall, and it all worked fine. My config is below:

Result of the command: "show conf"

: Saved
: Written by enable_15 at 16:38:19.268 GMT/BST Wed Mar 13 2013
!
PIX Version 8.0(4)
!
hostname bmi-515-fw-01
domain-name buildmeit.internal
enable password XXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXX encrypted
names
name 10.52.10.1 XXXXXX description Proxy Server
name 10.52.10.2 XXXXXX
name 10.52.10.5 XXXXXX
name 10.52.10.15 XXXXXX description Mail Server
name 10.52.10.20 XXXXXX
!
interface Ethernet0
 nameif outside
 security-level 0
 pppoe client vpdn group PLUSNET
 ip address pppoe
!
interface Ethernet1
 nameif mgmt
 security-level 100
 ip address 192.168.1.254 255.255.255.0
 management-only
!
interface Ethernet2
 nameif inside
 security-level 100
 ip address 10.52.100.123 255.255.255.0
!
banner exec XXXX PIX Firewall
banner login XXXX PIX Firewall
banner motd XXXX PIX Firewall
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns server-group DefaultDNS
 domain-name buildmeit.internal
dns server-group defaultdns
 name-server 212.159.6.10
 name-server 212.159.6.9
same-security-traffic permit intra-interface
object-group service RDP tcp
 port-object eq 3389
object-group service vpn tcp
 port-object eq pptp
object-group service WEB tcp
 port-object eq www
 port-object eq https
access-list outside_in extended permit tcp any interface outside eq smtp
access-list outside_in extended permit tcp any interface outside eq https
access-list outside_in extended permit ip 192.168.69.0 255.255.255.0 any
access-list LOCAL standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.69.0 255.255.255.0
access-list XXXX2-VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
logging from-address
logging recipient-address  level errors
logging recipient-address level errors
mtu outside 1500
mtu mgmt 1500
mtu inside 1500
ip local pool Pool 192.168.1.120-192.168.1.125 mask 255.255.255.0
ip local pool BMI2VPN 192.168.69.1-192.168.69.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-61551.bin
asdm location BMI-FILE1 255.255.255.255 mgmt
asdm location BMI-ADC1 255.255.255.255 mgmt
asdm location BMI-ADC2 255.255.255.255 mgmt
asdm location BMI-MAIL1 255.255.255.255 mgmt
asdm location BMI-MGMT2 255.255.255.255 mgmt
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (mgmt) 0 access-list inside_nat0_outbound
nat (mgmt) 101 0.0.0.0 0.0.0.0
nat (inside) 101 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp BMI-MAIL1 smtp netmask 255.255.255.255
static (inside,outside) tcp interface https BMI-MAIL1 https netmask 255.255.255.255
access-group outside_in in interface outside
access-group inside_access_in in interface mgmt
route outside 0.0.0.0 0.0.0.0 195.166.128.192 1
route inside 10.52.0.0 255.255.0.0 10.52.100.123 1
route mgmt 192.168.0.0 255.255.0.0 192.168.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface mgmt
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group PLUSNET request dialout pppoe
vpdn group PLUSNET localname itian@plusdsl.net
vpdn group PLUSNET ppp authentication pap
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname itian@plusdsl.net
vpdn group pppoex ppp authentication chap
vpdn username XXXXXXXXXXXXX@XXXXXXXXX password XXXXXXXXXX store-local
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.52.10.3 source inside prefer
ntp server 10.52.10.4 source inside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value 192.168.1.10 192.168.1.12
 dns-server value 192.168.1.10 192.168.1.12
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value buildmeit.internal
group-policy BMI-VPN internal
group-policy BMI-VPN attributes
 wins-server value 192.168.1.10
 dns-server value 192.168.1.10
 vpn-tunnel-protocol IPSec
 default-domain value buildmeit.internal
group-policy BMI2-VPN internal
group-policy BMI2-VPN attributes
 wins-server value 192.168.1.12 192.168.1.10
 dns-server value 192.168.1.10 192.168.1.12
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value BMI2-VPN_splitTunnelAcl
 default-domain value buildmeit.internal
username ian.taylor password ROTdnj94LSs86qI/ encrypted privilege 15
username ian.taylor attributes
 vpn-group-policy BMI-VPN
username andrew.guthrie password SSSSSSSSSSSSS encrypted privilege 15
username andrew.guthrie attributes
 vpn-group-policy BMI-VPN
tunnel-group DefaultRAGroup general-attributes
 address-pool Pool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group BMI-VPN type remote-access
tunnel-group BMI-VPN general-attributes
 default-group-policy BMI-VPN
 dhcp-server 192.168.1.10
tunnel-group BMI-VPN ipsec-attributes
 pre-shared-key *
tunnel-group BMI2-VPN type remote-access
tunnel-group BMI2-VPN general-attributes
 address-pool BMI2VPN
 default-group-policy BMI2-VPN
tunnel-group BMI2-VPN ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
smtp-server 192.168.1.3
prompt hostname context
Cryptochecksum:7115f4e0431719f3aa0e6cb85ec7a152

I think my firewall needs a rebuild at some point.
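An added config-lint script (not from the thread and not a Cisco tool) that reads a PIX `show run` text and flags what a reviewer would check in the config above: a static default route on a PPPoE interface that lacks `setroute`, PPPoE dialout groups that disagree on PPP authentication, and a few hygiene items (permit ip any any, management access from any source, single-DES ISAKMP). The excerpt and the check patterns are constructed; it assumes sub-commands are indented as `show run` prints them.

```python
import re

# Constructed excerpt of the PIX 8.0(4) config posted above, indented as `show run` prints it.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 pppoe client vpdn group PLUSNET
 ip address pppoe
access-list inside_access_in extended permit ip any any
route outside 0.0.0.0 0.0.0.0 195.166.128.192 1
telnet 0.0.0.0 0.0.0.0 inside
crypto isakmp policy 10
 encryption des
vpdn group PLUSNET request dialout pppoe
vpdn group PLUSNET ppp authentication pap
vpdn group pppoex request dialout pppoe
vpdn group pppoex ppp authentication chap
"""

def lint_pix_pppoe(config):
    """Return finding strings for a PIX/ASA running config (hypothetical heuristics)."""
    findings, ifaces, cur = [], {}, None
    for line in config.splitlines():            # collect per-interface facts
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"setroute": False})
        elif cur is not None and line.startswith(" "):
            w = line.split()
            if w[0] == "nameif":
                cur["nameif"] = w[1]
            elif w[:3] == ["pppoe", "client", "vpdn"]:
                cur["group"] = w[4]
            elif w[:3] == ["ip", "address", "pppoe"]:
                cur["pppoe"], cur["setroute"] = True, "setroute" in w
        else:
            cur = None                          # '!' or a top-level command ends the block
    auth = dict(re.findall(r"^vpdn group (\S+) ppp authentication (\S+)", config, re.M))
    for f in (f for f in ifaces.values() if f.get("pppoe")):
        nameif, group = f.get("nameif", "?"), f.get("group")
        gw = re.search(rf"^route {nameif} 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
        if gw and not f["setroute"]:             # static default route; PPPoE route not installed
            findings.append(f"{nameif}: static default route via {gw.group(1)}, not PPPoE-learned (no setroute)")
        rivals = sorted(g for g, a in auth.items() if g != group and a != auth.get(group))
        if rivals:
            findings.append(f"{nameif}: group {group} uses {auth.get(group)}; {', '.join(rivals)} set differently")
    for pat, msg in [(r"^access-list \S+ extended permit ip any any", "ACL permits ip any any"),
                     (r"^(telnet|http) 0\.0\.0\.0 0\.0\.0\.0", "management access from any source"),
                     (r"^ encryption des$", "ISAKMP policy uses single DES")]:
        findings += [f"{msg}: {m.group(0).strip()}" for m in re.finditer(pat, config, re.M)]
    return findings
```

Run it over the full `show conf` output to get the same findings for the whole config; the vpdn username and pre-shared keys are not inspected.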

Can you provide the output of "sho vpdn pppinterface" and "sho vpdn session"?

Have you tried using your ASA and the modem working in bridge mode?

Will send over tonight.

Hello,

I tried your suggestion, see below:

I already tried the Netgear in bridge mode/modem mode.

Some other screenshots you may find useful:

