03-13-2006 03:58 AM - edited 03-03-2019 02:14 AM
Hi all, Im new to using pix but I have managed to source one at home, a pix 501, I have a dsl internet connection on my cisco soho router, Can anyone please tell me simple steps in setting this pix up for internet access ?, configs and what needs plugging where would be helpful.
Thanks a million
Carlos
03-13-2006 12:55 PM
carlos,
If its a brand new pix 501 it should already have a default config that will allow you to plug it into a dsl or cable modem that is issueing DHCP. It then should allow you to connect a pc on the inside lease a DHCP address from the pix and allow you access out.
To make any more changes you can either use pdm or cli. I recommend PDM for anyone not confortable with CLI. If you post your cli config I can tell you if its setup with the default config or not. For more information go to cisco's learning connection:
or go to the pix area and look at the documentation on the right side:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/
Patrick
03-13-2006 03:28 PM
the first question is whether you would prefer the public ip to be assigned on the router as before, or on the pix.
the pros to assign the public ip on the pix is that you will only need to play with a single device in the future, and you don't need to login to the soho for any change.; the cons is that a little bit more configuration needs to be completed.
personally, i would assign the public ip on the pix. it requires to re-configure the soho to run in bridging mode as opposed to the typical routing mode, and configure pppoe (optional) on the pix if required by the isp.
below are the sample codes for router running in bridging mode:
interface Ethernet0
no ip address
no ip route-cache
bridge-group 1
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
ip classless
ip http server
!
!
bridge 1 protocol ieee
below are the sample codes for pix with pppoe:
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname
vpdn group pppoe_group ppp authentication chap
vpdn username
03-13-2006 03:37 PM
Thanks for being so Helpful, I have someone here who is a CCIE, he says you dont need to run the routers in bridging mode, my other question is if I put my isp WAN ip on the pix, what ip addresses would I give my router as I thought this is already pulling in the wan ip to the dialler interface ?
thanks
Carlos
03-13-2006 05:33 PM
this is exactly why it is needed to re-configure the router running in bridging mode, which has no ip address on any interface. thus the only way to connect to the router afterwards is console.
as mentioned in my previous post, this is not necessary. you may deploy the pix without any public ip.
e.g.
internet <--> (public ip) router (192.168.1.1) <--> (192.168.1.2) pix (192.168.100.1) <--> 192.168.100.0
however, you would need to play with both device for any future changes.
03-14-2006 01:19 AM
Can you please post me an example config for the router outside then pix option ?
thanks
03-14-2006 02:03 AM
just wondering if you are referring to the one with router in bridging mode, and pix with pppoe. if so, they are already posted. please read my first post.
03-14-2006 02:06 AM
do we have to use pppoe, My router is set up for pppoa !!
03-14-2006 05:07 AM
pppoa is over atm interface; whereas pppoe is over ethernet. pix has no atm interface, thus it supports only pppoe.
these days both pppoe and pppoa should be supported at the isp end, at least in australia.
03-14-2006 05:40 AM
but the dsl is still connected from my atm0 on my router which is set up with pppoa, does this need to be taken off ?
03-14-2006 01:05 PM
please excuse me for not being able to explain the concept well.
dsl is still connected to the router atm interface, and that is exactly why the router needs to be re-configured in running bridging mode.
03-15-2006 04:17 AM
Hi Jackko
thx for the reply, will i still be using pppoa on my dsl interface and will this still bring up the connection via a dialler and access list ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide