02-07-2005 08:05 AM - edited 02-20-2020 11:55 PM
All,
I'm attempting to install a PIX 501 behind an Efficient Networks / Speedstream DSL 5100B modem. I can't get the Internet connection working.
I've set up many of these PIX firewalls using PPPoE in the past. I don't think there is a problem with the config or the PIX, in general.
This is a new site and I'm not familiar with this DSL modem.
Has anyone had any success getting this DSL modem to work with the PIX 501? I'll deal with the VPN later, I'm just trying to get Internet access for now.
As always, thanks for your help.
-Mike
02-07-2005 08:50 AM
Plug a PC into the modem and see if you are able to get out to the internet. You might have to configure PPPOE on your PC. Can you paste your configs on the pix too? I have used Speedstream DSL modems on two occasions and have been able to get it to work.
Here is a sample config for PIX for pppoe
## This will take care of PAT
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
## PPPOE config on the PIX
vpdn group Test request dialout pppoe
vpdn group Test localname
vpdn group Test ppp authentication pap
vpdn username
## The command below will set the default route on pix to the one obtained via PPPOE
ip address outside pppoe setroute
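An added example, not part of the thread and not a Cisco tool: a small Python check that the PPPoE client lines shown in the sample config above are present and consistent with each other (dial-out group, localname matching a vpdn username entry, outside interface set to pppoe). The user name and password in the sample text are constructed placeholders.

```python
# Constructed sample in PIX 6.x syntax; user name and password are placeholders.
SAMPLE = """\
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
vpdn group Test request dialout pppoe
vpdn group Test localname user@example.net
vpdn group Test ppp authentication pap
vpdn username user@example.net password PLACEHOLDER
ip address outside pppoe setroute
"""

def check_pppoe(config):
    """Return a list of problems found in the PPPoE client part of a PIX config."""
    groups, users, outside = {}, set(), None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["vpdn", "group"] and len(tok) >= 4:
            g = groups.setdefault(tok[2], {"dialout": False, "localname": None})
            if tok[3:] == ["request", "dialout", "pppoe"]:
                g["dialout"] = True
            elif tok[3] == "localname" and len(tok) == 5:
                g["localname"] = tok[4]
        elif tok[:2] == ["vpdn", "username"] and len(tok) >= 5 and tok[3] == "password":
            users.add(tok[2])
        elif tok[:3] == ["ip", "address", "outside"]:
            outside = tok[3:]  # e.g. ["pppoe", "setroute"]
    problems = []
    dialout = {n: g for n, g in groups.items() if g["dialout"]}
    if not dialout:
        problems.append("no vpdn group with 'request dialout pppoe'")
    for name, g in dialout.items():
        if g["localname"] is None:
            problems.append(f"group {name}: localname missing")
        elif g["localname"] not in users:
            # The localname must have a matching user name/password pair.
            problems.append(f"group {name}: no 'vpdn username {g['localname']} password ...' entry")
    if outside is None or outside[:1] != ["pppoe"]:
        problems.append("outside interface is not set to 'ip address outside pppoe'")
    elif "setroute" not in outside:
        problems.append("'setroute' absent: no default route is taken from the PPPoE session")
    return problems

if __name__ == "__main__":
    for p in check_pppoe(SAMPLE) or ["PPPoE client lines are consistent"]:
        print(p)
```
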
02-07-2005 08:57 AM
You will have to set the pix up for pppoe. If you do a "show int" are you getting an outside address?
Check out the "setroute" command for making the pix a pppoe client.
ip address outside pppoe setroute
Also, check out http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801055dd.shtml
Bob
02-07-2005 12:10 PM
How did you set up the Speedstream (5100b) DSL modem? I noticed there are only 3 settings for PPPoE capability.
Which one did you set on the modem?
Options: 1. Authentication on modem
2. Authentication on PC
3. Bridging only (on PPPoE)
Here is my config. But I think it's alright. I'm more concerned with the DSL modem at this point.
//Output of PIX config
PIX Version 6.2(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxxx
hostname F254gk01
domain-name sonoco.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list nonat permit ip 192.168.78.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list Hatsville permit ip 192.168.78.0 255.255.255.0 10.0.0.0 255.0.0.0
pager lines 24
logging on
logging buffered debugging
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.78.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
outbound 10 deny 0.0.0.0 0.0.0.0 0 udp
outbound 10 except 10.0.0.0 255.0.0.0 0 udp
outbound 11 deny 0.0.0.0 0.0.0.0 0 tcp
outbound 11 except 10.0.0.0 255.0.0.0 0 tcp
outbound 11 except 0.0.0.0 0.0.0.0 80 tcp
outbound 11 except 0.0.0.0 0.0.0.0 21 tcp
outbound 11 except 0.0.0.0 0.0.0.0 23 tcp
outbound 11 except 0.0.0.0 0.0.0.0 443 tcp
outbound 12 deny 0.0.0.0 0.0.0.0 0 icmp
outbound 12 except 10.0.0.0 255.0.0.0 0 icmp
apply (inside) 12 outgoing_src
apply (inside) 11 outgoing_src
apply (inside) 10 outgoing_src
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set standard esp-des esp-sha-hmac
crypto map corporate 10 ipsec-isakmp
crypto map corporate 10 match address Hatsville
crypto map corporate 10 set peer
crypto map corporate 10 set transform-set standard
crypto map corporate interface outside
isakmp enable outside
isakmp key ******** address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
telnet 192.168.78.0 255.255.255.0 inside
telnet timeout 60
ssh timeout 60
vpdn group bellsouth request dialout pppoe
vpdn group bellsouth localname user1@bellsouth.net
vpdn group bellsouth ppp authentication chap
vpdn username user1@bellsouth.net password *********
dhcpd address 192.168.78.200-192.168.78.231 inside
dhcpd dns 10.1.45.30 1.10.45.30
dhcpd wins 10.1.45.31 1.10.45.31
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain somedomain.com
dhcpd enable inside
terminal width 80
Cryptochecksum:xxxx
: end
[OK]
02-07-2005 12:20 PM
You can set it to bridged mode if you are enabling PPPOE on PIX. Your configs seem ok to me.
02-10-2005 01:14 AM
how to recover password of cisco pix 501
02-10-2005 04:18 AM
Here is a link to password recovery on a PIX
Hope this helps.
Please remember to rate all replies
02-12-2005 01:25 AM
Thanks a lot, this was absolutely what I was trying to find out.
I have 1 more question. Suppose I have 2 offices and I don't want to take leased or dialup and I want to use DSL (via Internet). Do I require a static IP which the ISP will provide, and do I need to pay for that static IP separately?
Thanks