I get connected to my ISP using PPPoA, but how do I configure it in the PIX? With PPPoE, we normally use the VPDN command, ip address Ifname pppoe, ip address outside pppoe. How about PPPoA? Is it possible to configure the PIX to dial the ADSL modem using PPPoA?
I have 1 static IP from my ISP, 218.xxx.xxx.161; the gateway is 218.xxx.xxx.162 and the subnet mask is 255.255.255.252. Encapsulation is PPPoA LLC.
The problem is, my static IP is received 1st by the ADSL modem/router, not the PIX. I already set it to bridge mode and disabled NAT, still no luck. What I'm doing now is PAT on the outside firewall interface, private IP 10.1.1.2 to public IP 218.xxx.xxx.161, which is very weird and not secure against any type of DoS attack (ADSL modem/router down 1st). Any idea how to solve this matter? Let me know if you need more info.
So, in this case, the ADSL modem/router will get/carry the IP. But your intention is to use the PIX to protect it against DoS/DDoS attacks. Based on the current setup, the ADSL modem/router is exposed to such threats, as it is the primary device that enables you to get connected to the internet (via the ISP).
I think you may not be able to achieve that with PPPoA. It is possible with PPPoE, as the Ethernet connection allows you to put the PIX in front of anything else first. But with PPPoA, you definitely need to put the ADSL modem/router first, before the firewall. This is similar to connecting your router to a leased line via a serial port before connecting the router to the firewall.
As far as I am concerned, most ADSL modem/routers typically come with anti-spoofing or anti-DoS attack, as most manufacturers are aware of the attacks.
Have you checked the security features of your modem/router?