Cisco Support Community

New Member

Pix 506e PPPoA

I get connected to my ISP using PPPoA, but how do I configure it in the PIX? For PPPoE, we normally use the VPDN command, ip address Ifname pppoe, ip address outside pppoe. How about PPPoA? Is it possible to configure the PIX to dial the ADSL modem using PPPoA?

Thanks

3 REPLIES

Re: Pix 506e PPPoA

So far, PIX only supports PPPoE, not PPPoA.

This is because PIX/ASA does not have the ability to dial. It depends on external devices such as a router to initiate the PPPoA connection.

For PPPoE, PIX definitely supports it, as it is based on Ethernet/LAN connectivity.

Rgds,

AK

New Member

Re: Pix 506e PPPoA

Hello dude, thanks for the reply.

Need your advice for the following:

I have 1 static IP from my ISP, 218.xxx.xxx.161, gateway is 218.xxx.xxx.162 and a subnet mask 255.255.255.252, encapsulation is PPPoA LLC.

The problem is, my static IP is received 1st by the ADSL modem/router, not the PIX. Already set it to bridge mode and disabled NAT, still no luck. What I'm doing now is doing PAT on the outside firewall interface, private IP 10.1.1.2 to public IP 218.xxx.xxx.161, which is very weird and not secure against any type of DoS attack (ADSL modem/router down 1st). Any idea how to solve this matter? Let me know if you need more info.

Thanks

Re: Pix 506e PPPoA

So, in this case, the ADSL modem/router will get/carry the IP. But your intention is to use PIX to protect it against DoS/DDoS attack. Based on the current setup, the ADSL modem/router is exposed to such threats as it is the primary device that enables you to get connected to the internet (via ISP).

I think you may not be able to achieve that with PPPoA. It is possible with PPPoE as the Ethernet connection allows you to put PIX in front of anything else first. But with PPPoA, you definitely need to put the ADSL modem/router first before the firewall. This is similar to connecting your router to a leased line via serial port before connecting the router to the firewall.

As far as I am concerned, most ADSL modem/routers typically come with anti-spoofing or anti-DoS attack features, as most manufacturers are aware of the attacks.

Have you checked the security features of your modem/router?

HTH

AK
