Cisco Support Community
New Member

PIX & 877 with BT ADSL ( Business ADSL network package )

I am getting more help on this forum than from BT itself; they are so unhelpful it is unbelievable.

Thank you everyone who helped earlier and will help now :)

My very recent post on this forum was..

" Cisco 3750--cisco Pix 515 E --- Cisco 877"

***********************

pix config attached with the message

**********************

Now as you see I have been advised by experts here on that post all I need is this config

*** extract from my earlier post ****

!
bridge irb
!
!
interface Ethernet0
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
 hold-queue 100 out
!
!
interface ATM0
 description ADSL interface
 ip address 1.1.1.6 **** edited line **
 no atm ilmi-keepalive
 dsl operating-mode auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 pvc 0/35
!

**************************

I have edited one line, which is the IP address on the ATM int.

So would that make this PIX and the Cisco 877 work, and is this design safe to use and of course stable, as we use a static IP address on the 877 router as well?

cheers

12 REPLIES
New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

With the bridging you will not need an IP address on the 877. The 877 simply replaces the BT router for the DSL transmission. The PIX would proxy-arp the IPs that you need for your external subnet.

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Hi .. on the ADSL router you need to make sure the interface connected to the PIX has an IP address in the same range as the outside interface. The ATM IP address should be allocated either dynamically or statically. You also need to make sure you add a static route on your ADSL router for your public network range which points to the firewall outside interface. Also disable NAT on your ADSL router. To avoid problems when trying to access the Internet from your inside network, I suggest modifying the below entry on your PIX

global (outside) 1 interface to

global (outside) 1

I hope it helps ... please rate it if it does !!!

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

To be honest I am so confused with this so please bear with me.

I don't mean to offend anyone here, but the earlier post says you don't need to assign an IP address, which is concerning as we currently do have one assigned on the BT router; though I cannot access it, I know there is, as I can even ping from the public side.

Secondly, why would I need to edit the PIX config as long as I try to configure the ADSL router in the correct manner OR in the similar fashion it works right now with the BT router?

I am sure Cisco routers can do either similar OR MORE features compared to a BT router.

I did post my PIX config primarily coz if someone can post me a config for the new ADSL 877, if at all possible :)

I am still at a beginner's state so trying to get my head around all the terminology.

Further to that, I don't intend to create a new network between the PIX and BT router (none exists currently either), so I will need to in a way either share the same IP on the outside and inside interface on the 877??? Am I making sense? Please feel free to stop me if I am not.

cheers

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

If BT have given you a static address range (typically a /29) then you:

Remove bridging config.

Put static address range on Ethernet0 of the 877.

Use "ip address negotiated" on Dialer interface.

2nd IP from static address range goes on PIX.

Default route from PIX points to Ethernet0 on 877.

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

You can do it either way that you are comfortable with, as long as you understand what you did. You can go the bridging route or the traditional way with the router as an L3 device in front of the FW.

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Hi .. let's clarify a couple of things .. are you trying to connect to the Internet as below:

local LAN->PIX->877 router->Internet

If this is correct then please answer these questions:

1.- Have you been given a public range to be used for the outside interface of the PIX or are you planning on using a private IP address ..?

2.- Are you saying that it works OK when connected

local LAN->PIX->BT router-> Internet ..?

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Note: We have not yet purchased an 877 but are planning to do so...

The PIX has more than 5 IP addresses, i.e. the config attached earlier is a live working config ....

*.*.*.1 Outside

*.*.*.2 webserver published

*.*.*.3 SMTP published

*.*.*.4 spare

*.*.*.5 spare

*.*.*.6 BT ADSL router (default gateway for pix)

We will be replacing the BT router with an 877.

So we want to ensure the router allows all traffic and only works as the ADSL side of things like the current BT router does.

We do not have any separate networks between the outside of the PIX and the BT router

(LAN)cisco 3750--pix inside10*.*.*---outside*.*.*.1--BT router*.*.*.6

All clients' default gateway is the inside of the PIX 10.*.*.*

I hope this answers all the queries.

cheers

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Did we finalize a config on this ?

I hope I am not being a pain :)

cheers

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

The gist of the 877 config is below, but you should add security to this.

interface Ethernet0
 ip address *.*.*.6 255.255.255.248
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface Dialer1
 ip address negotiated previous
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname BT_CHAP_USERNAME
 ppp chap password BT_CHAP_PASSWORD
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
dialer-list 1 protocol ip any

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

grant.maynard

Thank you so much for taking the time to post this config. I have rated that post as well.... :)

The way I understand the config is that I need to assign the internal eth0 interface the static IP range *.6 :) and the ADSL dialer will be on DHCP...

Everyone on the public side will still be able to find routes to our PIX or any hosted services, am I correct in saying that ?

As for security, do I really need any ACLs on this router ? The PIX is intended to take care of that entirely, so can we leave all ports open inbound?

cheers

New Member

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Take a look at the following link:

http://www.cymru.com/Documents/secure-ios-template.html

I would suggest you follow those instructions for your router facing the Internet.

Re: PIX & 877 with BT ADSL ( Business ADSL network package )

Yes, Dialer1 will have a different IP and BT will know to route to your /28 via the Dialer1 IP. It's all set up on their AAA server.

Always put an ACL on vty and SNMP. I also always disable the http server and put an anti-spoof (RFC whatever) ACL inbound on Dialer1.

And disable unnecessary services, e.g. finger etc. The easiest thing to do here is run the 877 through SDM and follow its suggestions. Obviously you have to enable the http server for this, then disable it by CLI after.
