Cisco Support Community
Community Member

878 - Bridging a Dialer interface to an Ethernet port?

Hi,

One of our branch offices is connected via an SDSL connection to a Cisco 878, which in turn NATs a FortiGate 110-C behind it. Obviously, this creates a double-NAT network and is suboptimal.

What I'm trying to achieve is the ability to assign the single public address received from the ISP to the FortiGate's WAN side. My problems are further exacerbated by FortiGate's lack of support for PPPoA dialing (which would simplify issues as I would just bridge the ATM interface).

Is this even possible?

6 REPLIES
Community Member

Re: 878 - Bridging a Dialer interface to an Ethernet port?

Question. Why not assign the public address to the Cisco 878? Or maybe set the 878 as a "perimeter" router for the firewall and NAT everything going out - either on the firewall or the 878 - preferably the router.

I have multiple ADSL connections set up and the link below helped me. I even have some that are bridged - so if you need a scrap config let me know, I can post one for you. I don't know how it would relate to the SDSL - never touched it.

http://www.cisco.com/en/US/tech/tk175/tk818/tech_configuration_examples_list.html

E.

Community Member

Re: 878 - Bridging a Dialer interface to an Ethernet port?

Yeah, I'm definitely going to NAT everything but I'd prefer to manage the network from the FortiGate rather than the 878 (habits + ease of access for other admins).

Judging by the material in the link specified (and obviously some Google), it looks like what I need is a BVI containing Vlan1 and Dialer0. I'm just not sure how I proceed from there, with regard to assigning the public IP to the FG while still having the Cisco perform the dialing.

I'd definitely like to see a sample configuration, if possible.

Thanks!

Community Member

Re: 878 - Bridging a Dialer interface to an Ethernet port?

Here you go, Mark. The configs are from three different setups - ADSL bridge w/o BVI, cable connection with BVI and a WiFi connection with multiple BVI connected to Vlan. Hope this helps some.

DialerString

Community Member

Re: 878 - Bridging a Dialer interface to an Ethernet port?

Hmm.

The cable-modem configuration seems most appropriate. Would the following work (I can't test at the moment)?

bridge irb
bridge 1 protocol ieee
bridge 1 ip routing
!
interface BVI1
 no shut
 ip address 10.0.0.254 255.255.255.0
!
interface atm0
 no shut
 no ip address
 no ip directed-broadcast
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXX
 ppp chap password 0 YYY
 bridge-group 1
!
interface vlan1
 no shut
 bridge-group 1
 no ip address
!
ip route 0.0.0.0 0.0.0.0 Dialer0

Community Member

Re: 878 - Bridging a Dialer interface to an Ethernet port?

Hey Mark,

Don't think this is going to work. It still doesn't achieve the results you're looking for. Also your ATM interface would need to be connected to the di0 interface using the "dialer pool-member 1" command. You'll have to use the Di0 interface to pull the IP from the provider, which is set to negotiate the IP address. You would need to bridge the Ethernet connection to the Dialer via a BVI and somehow have the FW receive the IP address - which isn't going to happen dynamically. How big is your block of addresses from the provider?

pvc 0/38
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
!
interface Dialer0
 ip address negotiated
 dialer pool 1
!

Is your provider giving you a single static address with a /32 or do you have a block of addresses? I have a single static /32 from the ISP that is mapped to the loopback interface as such:

I had major problems with my provider at one time.

! The static /32 lives on the loopback; the dialer borrows it
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface Dialer0
 ip unnumbered Loopback1

**If you have, let's say, a block of 4 (/30) - you could PROBABLY do something as such:

! The dialer borrows the address of the interface facing the firewall
interface Dialer0
 ip unnumbered e0
!
interface e0
 description interface connected to FW
 ip address 39.255.255.1 255.255.255.252

The firewall interface would be 39.255.255.2 255.255.255.252 - and your Admins could access the FW via a public address.
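
The binding pointed out in the reply above (a `dialer pool` on Dialer0 needs a matching `dialer pool-member` under the ATM PVC) can be checked mechanically before a config is pushed. This is an added example, not part of the original thread; the function names and the sample config are constructed, and the check also flags the `ppp chap password 0` form, which leaves the CHAP secret readable in the config.

```python
import re

# Constructed sample: the ATM/Dialer part of the config proposed in the thread.
PROPOSED = """\
interface ATM0
 pvc 0/38
  encapsulation aal5mux
!
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp chap hostname XXX
 ppp chap password 0 YYY
 bridge-group 1
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands (PVC sub-mode lines included)."""
    interfaces, current = {}, None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        line = raw.strip().lower()
        if raw[0].isspace():                 # indented: belongs to current block
            if current is not None:
                interfaces[current].append(line)
        elif line.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        else:                                # "!" or a global command ends the block
            current = None
    return interfaces

def check_dialer_config(config):
    """Return findings for unbound dialer pools and type 0 CHAP passwords."""
    ifaces = parse_interfaces(config)
    members = {m.group(1) for cmds in ifaces.values() for c in cmds
               if (m := re.match(r"dialer pool-member (\d+)", c))}
    findings = []
    for name, cmds in ifaces.items():
        for c in cmds:
            pool = re.fullmatch(r"dialer pool (\d+)", c)
            if pool and pool.group(1) not in members:
                findings.append(f"{name}: dialer pool {pool.group(1)} has no pool-member")
            if c.startswith("ppp chap password 0 "):
                findings.append(f"{name}: CHAP password stored as type 0 (cleartext)")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dialer_config(PROPOSED)))
```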

Community Member

Hi,

Very old thread indeed :)

Have you ever managed to solve that?

I am in a similar boat. Have a CISCO 887 with PPPoA configured. Got a block of /29 addresses. Now, all I am trying to do is assign one of them to the WatchGuard firewall.

Will bridging the Dialer0 with VLAN1 do the trick?

Or would it have to be a Static one-to-one translation?

Thanks!
