Basic Router and PIX over ADSL setup

n9xrg
Level 1

I have a 1751 router with an ADSL WIC card, a PIX 506E and a 24-port Catalyst 2950. The office is connected via DSL with one public IP. I also have an 837 ADSL router (but I don't think that I will need it with the ADSL card in the 1751). I need to set up WAN connectivity, a site-to-site static tunnel and also allow Cisco VPN client access. I was wondering if anyone had any suggestions or configuration examples to start me out on the right path with this. I also wanted to have either the router or the PIX hand out DHCP addresses. Additionally, I have never configured the ATM (ADSL) card in the router. I don't know if I need to assign the public IP to it or bridge it to the PIX.

Thank you very much

sachinraja
Level 9

Hello,

You can configure the ADSL ATM interface as given in the document below. You need to get in touch with your ISP regarding the authentication method. In fact, most of the ISPs configure the end client router for ADSL.

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e64.shtml#configs

Normally on a PIX, any traffic from inside to outside is allowed. In case you have any inbound ACL, you need to allow UDP port 500 & UDP 4500 to allow VPN client access. Leave it by default and all your traffic will be passed through the PIX.

It's always advisable to have a separate DHCP server rather than configuring it on the PIX or routers. This might increase the processing of the PIX, which is not desirable. Anyway, if you want to configure a DHCP server, you can use the following commands on the PIX:

dhcpd address 10.0.1.101-10.0.1.110 inside
dhcpd dns 192.168.10.1 192.168.10.5 (optional)
dhcpd wins 192.168.10.5 (optional)
dhcpd lease 3000
dhcpd domain example.com (optional)
dhcpd enable inside

Hope this helps. All the best. Rate replies if found useful.

Raj

Raj,

Thank you very much for the quick reply. I guess that I should have included a config of the 837 router that is being taken out. It is currently bridged and the outside interface of the PIX is assigned the public IP.

Here is the 837 Config:

version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ADSL
!
enable secret xxxx
!
username xxxx privilege 15 password xxxx
clock timezone IND 5
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 no ip route-cache
 bridge-group 1
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
 !
 dsl operating-mode ansi-dmt
 bridge-group 1
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
ip classless
ip http server
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
bridge 1 protocol ieee
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
!
end
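The bridged state described in the post above can be read from the config itself: `no ip routing`, no interface holding an IP address, and Ethernet0 and ATM0 in the same bridge group. The Python check below is an added example, not part of the original thread; `parse_stanzas` and `bridge_report` are hypothetical helper names, and the sample is a constructed excerpt that assumes the usual `show running-config` indentation.

```python
import re

# Constructed excerpt of the 837 config above, with standard IOS indentation restored.
SAMPLE = """\
no ip routing
interface Ethernet0
 no ip address
 bridge-group 1
interface ATM0
 no ip address
 pvc 8/35
  encapsulation aal5snap
 !
 dsl operating-mode ansi-dmt
 bridge-group 1
bridge 1 protocol ieee
"""

def parse_stanzas(config):
    """Map interface name -> sub-commands; key None collects every other line."""
    stanzas, current = {None: []}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue                      # separators carry no settings
        if not raw[0].isspace():          # column 0 closes the previous stanza
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            if m:
                stanzas[current] = []
                continue
        stanzas[current].append(line)
    return stanzas

def bridge_report(config):
    """Hypothetical helper: is this device forwarding at layer 2 only?"""
    stanzas = parse_stanzas(config)
    groups, addressed = {}, []
    for name, cmds in stanzas.items():
        for cmd in (cmds if name else []):   # skip the None bucket of global lines
            if m := re.fullmatch(r"bridge-group (\d+)", cmd):
                groups.setdefault(int(m.group(1)), []).append(name)
            if re.match(r"ip address \S", cmd):   # "no ip address" does not match
                addressed.append(name)
    routing_off = "no ip routing" in stanzas[None]
    bridged = routing_off and not addressed and any(len(v) > 1 for v in groups.values())
    return {"routing_disabled": routing_off, "bridge_groups": groups,
            "addressed_interfaces": addressed, "pure_bridge": bridged}
print(bridge_report(SAMPLE))
```

When `pure_bridge` is true, the router does no layer-3 forwarding or filtering, so the PIX outside interface holding the public IP is the first IP hop facing the ISP.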

Hi,

I presume that the firewall is connected on the inside interface of the router. The default gateway of the firewall is the ISP router IP, right? Now, configure the DHCP and the other things as told in the previous post.

On the firewall, any traffic from inside to outside is open, so you need not worry about connecting to a VPN server from inside. Do let us know if you need any more information.

For the site-to-site IPsec tunnel, refer to the following URL.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml#configs

See the configurations on the PIX and replicate them to your requirement.

Raj
