Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Setting up Pix 501 with an ADSL connection

Hi,

I have a pix 501 I have included the config below (as you can see its pretty much out of the box)

I also have a adsl line from an ISP. The ISP supplied a Zoom X3 ethernet modem. When the dsl line is connected to a pc it uses PPP half bridge and the nic in the pc picks up a dynamic address from the ISP.

Is it possible to take the ethernet cable from the adsl modem and put it into the outside interface of the PIX. From what I can see the outside interface on the Pix is set to DHCP. However when I plug it into the pix I cannot get out to the net and I cannot see an IP address on the outside int.

any ideas/solutions?

John

Building configuration...

: Saved

:

PIX Version 6.1(4)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd xxxxx encrypted

hostname pixfirewall

domain-name ciscopix.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside dhcp setroute

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community xxxx

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet 192.168.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

dhcpd address 192.168.1.2-192.168.1.129 inside

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:xxxxx

: end

[OK]

11 REPLIES
New Member

Re: Setting up Pix 501 with an ADSL connection

You shouldn't have a problem using a PIX 501 with an aDSL connection. By default, the PIX acts as a DHCP server & client.

Can you ping the PIX from your internal network?

Can your ISP ping your PIX?

Are all your computers on the 192.168.1.0 net?

Have you checked your DHCP/NAT settings?

Try rebooting your PCs so they get the new gateway/DHCP server.

If all else fails, wr erase and start with a clean config.

Gold

Re: Setting up Pix 501 with an ADSL connection

1. is the modem in bridged mode? or router mode?

2. isp often use pppoe/pppoa rather than dhcp.

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi

The modem is set for PPP bridged mode. This is passing on the DHCP address to what ever is connect to the modem. Works fine on a pc but not on Pix 501

The ISP is using PPPoE LLC

John

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi

Yes I can ping the pix from the inside

Can ping the pix outside because the Pix is not getting the dhcp address assigned by the ISP

All PC's on the 192.160.1.x net

What Dhcp/Nat setting, I am very new to Pix's

Reboot and the pc got ip addresses with the pix as gateway

John

Re: Setting up Pix 501 with an ADSL connection

Hi,

what happens when you type in this command:

"ip address outside dhcp setroute"

Kind Regards,

Tom

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi Tom

I entered the command, I think it was already there (see config)

The pix took the command.

I tried turning on the ADSL modem first so it connects to the ISP and then the firewall. While it was booting I consoled on. It is trying to get an IP but it gets the following error

DHCP command failed

Warning: Start and End addresses overlap with broadcast address.

outside interface address added to PAT pool

.

Any ideas.

John

Re: Setting up Pix 501 with an ADSL connection

Hi,

if you are using a xdsl connection your probably need to configure the ppoe client on your pix. The easiest way to do this is using the PDM (graphical interface) and run the wizard.

You probable have to provide a username and password to log into your ISP.

Regards,

Tom

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi. Pix didn't support PPPOE until 6.2

You are running 6.1(4) so you'll have to upgrade. Once you upgrade to 6.2 or newer your config will look something like:

ip address outside pppoe setroute

vpdn group pppoe_group request dialout pppoe

vpdn group pppoe_group localname *****@sbcglobal.net

vpdn group pppoe_group ppp authentication pap

vpdn username *****@sbcglobal.net password *********

Also, see this document to configure PPPOE using the PIX:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00801055dd.shtml

C-ya,

Mike

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi Mike

Thanks for the reply. I upgraded the pix to 6.3. once I did this it picked up and address from the isp straight away.

I did not need the pppoe settings dhcp was enough.

However I have noticed that the pix is changing outside IP quiet often. any ideas?

John

New Member

Re: Setting up Pix 501 with an ADSL connection

John...

Sometimes with ADSL connections as well as with cable modem connections where the ISP device issues the IP address via DHCP, the device may cache the mac address of the requesting machine. In your case, your PC's mac address may be cached in your ADSL modem. I have also found if my PIX (515) boots before the cable modem or ADSL modem is booted and does not recieve a DHCP address, it will not RE-Request and address. So I would try first rebooting the ADSL modem without your PC connected to it. Then connect your PIX and type the command:

ip address outside dhcp setroute

Then you should be able to do a "sh int" and see the ip address assigned to the interface.

Hope that helps...

Jamey

New Member

Re: Setting up Pix 501 with an ADSL connection

Hi Jamey

Thanks for the reply. I noticed something similiar happening. I upgraded to 6.3 and the pix 501 picked up the DHCP address from the ISP straight away.

How ever I am noticing now the the dhcp address changes a random (short) time periods and this can affect some devices on the inside to require a reboot. I am sure the dsl modem and the pix have n ot power cycled, have you ever seen this?

John

171
Views
9
Helpful
11
Replies
CreatePlease login to create content