(Double NAt) Terminate PPPOE within cisco router, or ASA 5505

johnsonjb · ‎09-07-2007

Hello

I am currently terminating my ISP's PPPoE connection (static IP) on my Cisco Soho77, and then using an internal IP on my firewalls outside interface and therefore double natting. I dont have a problem with this (makes me feel moer secure) but was just wanting some expert opinions regarding this since the ASA 5505 has the option to terminate the PPPoE session as well (then I could just do bridging on the Outside router. Any suggestions or thoughts would be great. I am also running a web server on the DMZ.

Thanks in advance

Jeff

aghaznavi · ‎09-13-2007

If the PPP keepalive mechanism is disabled on a customer premises equipment (CPE) device, a PPP over Ethernet (PPPoE) session will hang indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by sending a PPPoE active discovery terminate (PADT) packet to the CPE. The CPE device is expected to take failure recovery action upon receipt of this packet

johnsonjb · ‎09-13-2007

Interesting, so maybe its better than to have the cpe inititiate the pppoe session?