Is anyone attempting this sort of configuration at their home? Do any configuration examples exist? I have two specific questions. I've tried PAP, CHAP, and MSCHAP on the PIX, but I can't get PPP to negotiate with the Verizon network; debugging info doesn't give me anything more verbose than "config rejected". Secondly, how do I specify PAT rules when I don't know what the Outside IP will be at any one given moment? I know with normal routing statements on routers, you can specify an interface *name* versus an IP. Is this possible in some way on the PIX?
Since I only have one Outside IP address, I have to use PAT in order to advertise services to the Internet - several different TCP ports on the outside IP address will map to different IPs on the Inside Interface.
The trick here is that I was wondering how to allow packets into my network and/or make static statements with the IP on the Outside interface changing. The trick is to refer to 'interface outside' instead of specifying an actual IP. I did this, and it seems to work just fine.
Also, though this doc doesn't have it, if you end up trying to use mschap, I'd add:
vpdn group group_name ppp encryption mppe 40 | 128 | auto [required]
and set it to auto
You may have to change the authentication method - in the documents I found, pap, chap, mschap, and mschapv2 were all checkmarked for FiOS use, so you'll have to play around with it. I hope it's not mschapv2, because as of PIX 7.2, mschapv2 isn't supported.
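The 'interface outside' approach described above, sketched as a PIX 7.x configuration fragment. This is an added example, not configuration taken from the thread: the inside addresses (192.168.1.10, 192.168.1.20), the ACL name outside_in and the choice of ports are assumptions. It also shows the inbound ACL kept to exactly the forwarded ports, so nothing else on the dynamic address is reachable.

```cisco
! Added example; inside hosts, ACL name and ports are hypothetical.
!
! Outbound: PAT all inside hosts behind whatever address the
! outside interface currently holds.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
! Inbound: static PAT keyed on the keyword "interface" instead of a
! fixed outside IP, one TCP port per inside server.
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.20 smtp netmask 255.255.255.255
!
! Permit only the forwarded ports; the destination is written as
! "interface outside" so the rule follows the address when it changes.
access-list outside_in extended permit tcp any interface outside eq www
access-list outside_in extended permit tcp any interface outside eq smtp
access-group outside_in in interface outside
```

After the PPPoE session renegotiates and the address changes, `show xlate` and `show access-list outside_in` confirm that the translations and hit counts still track the new address.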