Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3263
Views
0
Helpful
0
Comments

How to assign a PIX Firewall an outside interface IP address with DHCP or PPPOE

TCC_2
Level 10
Level 10

‎06-22-2009 05:27 PM - edited ‎03-08-2019 06:24 PM

Core issue

Sometimes it is necessary to configure a PIX to dynamically obtain an outside interface IP address.

Resolution

To configure the PIX Firewall to dynamically obtain an IP address for the outside interface, use either:

  • DHCP
  • Point-to-Point Protocol over Ethernet (PPPOE)

Note: DHCP does not require a username and password, while PPPOE does. If your Internet Service Provider (ISP) has provided a username and password, it is likely PPPOE is currently being used.

To configure the outside interface for DHCP, issue the ip address outside dhcp retry 5 command.

For DHCP, do not add a default gateway statically; instead add a default route to the configuration with the [setroute] option in the ip address command. For example, to configure the outside interface for DHCP and add a default route to the PIX, issue the ip address outside dhcp setroute retry 5 command.

Configuration of the outside interface for PPPOE is more complex. In this configuration example, sanjose is the username and cisco123 is the password provided by the ISP:

   ip address outside pppoe setroute
   ! --- Specify PPPOE as the method to obtain the address for the outside interface.
   vpdn group xyz request dialout pppoe
   vpdn group xyz localname sanjose
   ! --- Note that the localname (sanjose) is the username the ISP provided.  
   vpdn group xyz ppp authentication pap
   vpdn username sanjose password cisco123
   ! --- Note that the password (cisco123) is the password the ISP provided.

If the PIX is configured properly, and there are still problems obtaining    an address, check the cables. If necessary, use a different cable. Also, verify the configuration of the DHCP server or PPPOE endpoint.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents