Solved: PPPoE DSL / PIX 501 HELP Needed

planzone · ‎01-20-2007

Hi - I am unable to ping the outside world / access internet from the console or from a pc on the LAN I have DSL with static IP. (ip's have been changed in the below config to protect the innocent). I want to be able to install my pix501 firewall to the modem. I understand I have to put the modem into bridge mode. (Contacted ISP and they said to "reset it" by press the reset button on the back for 3 seconds and it would be in bridge mode) Type of modem is a Speedstream4200. My pix knowledge is limited - but I enjoy this stuff.. Any help would be appreciated

The config is attached:

If this were a cable modem or a real ISP i think I would have had much less headaches.. The DSL provider isnt much help they say "it should work but we do not support it" but the tell me to bridge mode the modem I also tried it without bridging it I figured what the heck. I was getting frustrated by then and really do not know what else to do.

Also there is a server that would handle DHCP for dishing it out to the clients but i was plugged into eth1 port and game my laptop a static ip within that network and still nothing (besides I tried pinging from console of pix and nothing.

p.s. I hope all of this is legible

RONNIE HIGGINBOTHAM · ‎01-22-2007

add the following command

access-list outside_access_in permit icmp any any echo-reply

This will allow ICMP replies back into your inside network

View solution in original post

RONNIE HIGGINBOTHAM · ‎01-20-2007

Is your tunnel or session UP?

show vpdn session

Try changing the commands below (Not sure what your ip's are if you changed the config)

no ip address outside 151.200.151.200 255.255.255.252 pppoe

no route outside 0.0.0.0 0.0.0.0 151.200.151.200 1

ip address outside pppoe setroute

can you then paste (run it a few times wait about 5 minutes and see if session is UP)

show vpdn session

planzone · ‎01-21-2007

The tunnel session is not yet up due to the fact that I dont have the pix installed at the other site yet. Right now my concern is getting internet etc. from the site (config) that I have sent. I am not that far along yet to test the tunnel.

So from the command are you saying to pick it up dynamically per se'?

RONNIE HIGGINBOTHAM · ‎01-21-2007

This session has nothing to do with a VPN connection or a pix on the other end. If your PPPOE connection is working correctly to your ISP you should see the session as up. (ie you should be able to access the internet and surf)

Please review link

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/pixclnt.htm#wp1072346

How many static IP's do you have from your ISP 1 or more than 1?

If you are running PPPOE with 1 static you should dynamically pull the ip from your ISP.

planzone · ‎01-21-2007

OHHH! So Sorry - pardon the ignorance...

I think I know what you mean now... PPPoe tunnel . (I did say my knowledge was limited..:))

just one ip to the best of my knowledge.

so it looks lke i am missing crucial info from my config then??

planzone · ‎01-22-2007

Ok i put in those commands and i was able to ping the internet from the console with the pix. I just can seem to ping from a PC on the lan. I have the gateway setting at 192.168.254.1 in the nic properties..

i also gave a pc a static ip and still was unable to ping out to the internet..

Only able to ping from the console

RONNIE HIGGINBOTHAM · ‎01-22-2007

add the following command

access-list outside_access_in permit icmp any any echo-reply

This will allow ICMP replies back into your inside network

planzone · ‎01-24-2007

Thanks. I am up and running.

I apprecieate your replies.