ASA 5510 and PPPoE

cmgowcity (Level 1)

Hi

I am having trouble setting up an ASA 5510 to use PPPoE. The ASA is connected to my D-Link ADSL modem, which is set up in bridged mode. My config is as below.

Am I missing something, or can somebody tell me how to troubleshoot? The command "show ip address outside pppoe" gives:

PPPoE session has not been established yet.

ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxx
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 pppoe client vpdn group tiscali
 ip address pppoe setroute
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.9.1.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 management-only
!
passwd xxx
boot system disk0:/asa723-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list inside_nat0_outbound extended permit ip 10.9.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list outside_cryptomap_20 extended permit ip 10.9.0.0 255.255.0.0 10.10.0.0 255.255.0.0
pager lines 24
logging monitor debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.10.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer *.*.*.*
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 set security-association lifetime seconds 3600
crypto map outside_map 20 set security-association lifetime kilobytes 100000
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group tiscali request dialout pppoe
vpdn group tiscali localname *****
vpdn group tiscali ppp authentication chap
vpdn username ***** password ********* store-local
dhcpd lease 691200
!
dhcpd address 10.9.1.2-10.9.1.200 inside
dhcpd enable inside
!
dhcpd address 192.168.10.2-192.168.10.10 management
dhcpd enable management
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
tunnel-group *.*.*.* type ipsec-l2l
tunnel-group *.*.*.* ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:xxx
: end

8 Replies

JORGE RODRIGUEZ (Level 10)

Check these two links.

Config revision with debug troubleshooting:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/pppoe.html

Midway down, debug commands for PPPoE:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801055dd.shtml

When you go over the config and verify your config is fine, I would suggest debugging the PPPoE connection and posting the output results to assist.

To set up debug and see its output from a telnet session:

asa#terminal monitor

In config mode:

asa(config)#logging monitor 7

Then you could do one at a time to capture output:

debug ppp negotiation
debug pppoe packet
debug pppoe error
debug pppoe event

To disable debug:

asa#no debug all

Rgds

-Jorge

Jorge Rodriguez

Thanks very much Jorge.

The error I am getting is:

PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:001f.9e98.0748 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: padi timer expired

I think this is a problem with my ISP using PPPoA and not PPPoE?

Just a bit of background I thought may help...

We used to have a PIX 501 connected to the same ADSL line, with the outside interface set to pick up via DHCP from the ADSL modem, which passed through the public IP to the PIX. This all worked fine. The same setup on the ASA 5510 doesn't work. I have tried setting the ADSL to bridged mode and setting the PIX outside interface to PPPoE, which is what the config on the original post is. The third option is setting the ADSL to bridged and assigning a static IP to the ASA outside interface - what NAT and routes would I need to set up to achieve this?

Many Thanks

Colin
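The debug output above only ever shows PADI frames going out and the PADI timer expiring, which is the "nothing answered the broadcast" case rather than a CHAP or session-request failure. The following Python tally is an added example (not from this thread, Cisco, or the ASA itself) that reads "debug pppoe" lines and reports at which discovery stage things stall; the sample input is constructed from the posted lines plus a second attempt.

```python
import re

# Constructed sample input: two discovery attempts shaped like the
# "debug pppoe" output posted in this thread, with no PADO ever coming back.
SAMPLE_DEBUG = """\
PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:001f.9e98.0748 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: Type:0101:SVCNAME-Service Name Len:0
PPPoE: Type:0103:HOSTUNIQ-Host Unique Tag Len:4
PPPoE: 00000003
PPPoE: padi timer expired
PPPoE: send_padi:(Snd) Dest:ffff.ffff.ffff Src:001f.9e98.0748 Type:0x8863=PPPoE-Discovery
PPPoE: Ver:1 Type:1 Code:09=PADI Sess:0 Len:12
PPPoE: padi timer expired
"""

# RFC 2516 discovery codes as the ASA prints them (09=PADI, 07=PADO,
# 19=PADR, 65=PADS); only the symbolic name is needed for the tally.
CODE_RE = re.compile(r"Code:[0-9a-fA-F]{2}=(?P<name>PAD[IORS])\b")
TIMEOUT_RE = re.compile(r"padi timer expired", re.IGNORECASE)

def summarize_discovery(debug_text):
    """Tally discovery frames per stage plus PADI timeouts."""
    counts = {"PADI": 0, "PADO": 0, "PADR": 0, "PADS": 0, "timeouts": 0}
    for line in debug_text.splitlines():
        m = CODE_RE.search(line)
        if m:
            counts[m.group("name")] += 1
        elif TIMEOUT_RE.search(line):
            counts["timeouts"] += 1
    return counts

def diagnose(counts):
    """Map the tally to the stage at which discovery stalls."""
    if counts["PADS"]:
        return "PADS received: discovery completed, look at PPP/CHAP negotiation instead"
    if counts["PADO"]:
        return "PADO received but no PADS: the concentrator answered but did not confirm the session"
    if counts["PADI"]:
        return ("no PADO for any PADI: nothing on the wire answered the broadcast; "
                "verify the modem is really bridging and that the ISP offers PPPoE")
    return "no discovery frames seen in this capture"

if __name__ == "__main__":
    tally = summarize_discovery(SAMPLE_DEBUG)
    print(tally)
    print(diagnose(tally))
```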

Colin, thanks for updating, sorry for the late reply. If you have just swapped the firewall from the 501 to the ASA 5510 and nothing was changed on the ISP side, I would not think the ISP had changed their provisioning at their end; however, if you issue debug pppoe events and this indicates sending PADI discovery frames to the ISP but no response, I would then contact the ISP to rule out any issues on settings.

If you do go with public static addressing on the outside interface, your config has the necessary NAT statements for NATing, i.e. global (outside) 1 interface and nat (inside) 1 0.0; you will need the default route: route outside 0.0.0.0 0.0.0.0 1

Rgds

-Jorge

Jorge Rodriguez

I have tried all setups but cannot get the ASA to work at all over my ADSL line!

Both configs are posted below. Is anybody aware of any differences between PIX and ASA which would stop this working?

PIX - I realise I don't have the VPN tunnel set up on the ASA as I can't even get internet access through it.

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.10.0.0 ISA2004
access-list inside_outbound_nat0_acl permit ip 10.9.0.0 255.255.0.0 ISA2004 255.255.0.0
access-list outside_cryptomap_20 permit ip 10.9.0.0 255.255.0.0 ISA2004 255.255.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 10.9.1.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location ISA2004 255.255.0.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.9.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer 8.8.8.8
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 set security-association lifetime seconds 3600 kilobytes 100000
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 8.8.8.8 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.9.1.3-10.9.1.33 inside
dhcpd lease 86400
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:xxx
: end

ASA DHCP on next post

Many Thanks

Colin

ASA Config

ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password xxx
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.9.1.1 255.255.0.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 no nameif
 no security-level
 ip address 192.168.10.1 255.255.255.0
!
passwd password encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
pager lines 24
logging enable
logging console debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 10.9.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
!
dhcpd address 10.9.1.2-10.9.1.20 inside
dhcpd enable inside
!
!
!
prompt hostname context
Cryptochecksum:xxx
: end

Many Thanks

Colin

Hi

When I switched on debugging I am getting the following error constantly... any ideas why it is blocking traffic from my client to the internal interface of the ASA? The client is assigned an IP address from the ASA OK...

%ASA-7-609001: Built local-host NP Identity Ifc:80.46.114.128
%ASA-7-609001: Built local-host outside:192.168.1.1
%ASA-6-302015: Built outbound UDP connection 105 for outside:192.168.1.1/67 (192.168.1.1/67) to NP Identity Ifc:80.46.114.128/68 (80.46.114.128/68)
%ASA-7-710005: UDP request discarded from 10.9.1.2/137 to inside:10.9.255.255/137
%ASA-7-710005: UDP request discarded from 10.9.1.2/137 to inside:10.9.255.255/137
%ASA-7-710005: UDP request discarded from 10.9.1.2/4945 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/1026 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/2187 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/4945 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/4945 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/4945 to inside:10.9.1.1/53

Look at the host 10.9.1.2:

"ipconfig /all"

and I think you will get the answer.
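The %ASA-7-710005 lines above are not blocked client traffic: the ASA logs that ID when a packet is addressed to one of its own interface IPs for a service it is not listening on there, and every DNS request here is aimed at the inside interface 10.9.1.1, which is what the "ipconfig /all" hint points at. The following Python triage is an added example (not from this thread or from Cisco) that groups such discards per client and port; the sample log is constructed from the posted lines, and the interface IPs are those from the ASA config in the thread.

```python
import re
from collections import Counter

# Constructed sample input shaped like the syslog lines posted in this thread,
# with one extra client (10.9.1.5) added to show the grouping.
SAMPLE_SYSLOG = """\
%ASA-6-302015: Built outbound UDP connection 105 for outside:192.168.1.1/67 (192.168.1.1/67) to NP Identity Ifc:80.46.114.128/68 (80.46.114.128/68)
%ASA-7-710005: UDP request discarded from 10.9.1.2/137 to inside:10.9.255.255/137
%ASA-7-710005: UDP request discarded from 10.9.1.2/4945 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.2/1026 to inside:10.9.1.1/53
%ASA-7-710005: UDP request discarded from 10.9.1.5/2187 to inside:10.9.1.1/53
"""

# 710005: a request reached an ASA interface address for a service the ASA
# does not listen on there.  Other syslog IDs are ignored.
DISCARD_RE = re.compile(
    r"%ASA-\d-710005: (?P<proto>\w+) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<ifc>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Interface addresses taken from the ASA config posted in this thread.
ASA_INTERFACE_IPS = {"10.9.1.1", "192.168.10.1"}
SERVICE_NAMES = {53: "DNS", 137: "NetBIOS-NS", 67: "DHCP"}

def parse_discards(text):
    """Return one dict of named fields per 710005 line."""
    return [m.groupdict() for m in (DISCARD_RE.search(l) for l in text.splitlines()) if m]

def discards_to_firewall(text):
    """Count discards per (client, dest port) whose destination is an ASA interface IP.

    Subnet broadcasts such as 10.9.255.255/137 are not the ASA's address and drop out,
    so only requests the client deliberately sent to the firewall remain.
    """
    tally = Counter()
    for d in parse_discards(text):
        if d["dst"] in ASA_INTERFACE_IPS:
            tally[(d["src"], int(d["dport"]))] += 1
    return tally

def explain(tally):
    """One finding per (client, port): the client has the ASA configured as its server."""
    lines = []
    for (src, dport), n in sorted(tally.items()):
        svc = SERVICE_NAMES.get(dport, "port %d" % dport)
        lines.append("%s sent %d %s request(s) to the ASA interface; the ASA is not listening "
                     "for %s there, so check that client's %s server setting" % (src, n, svc, svc, svc))
    return lines

if __name__ == "__main__":
    for note in explain(discards_to_firewall(SAMPLE_SYSLOG)):
        print(note)
```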
