
PPPoE on ASA

lcaruso
Level 6

Hi,

I need to replace two small firewalls with an ASA. The ASA will need to support static PPPoE and dynamic PPPoE on different outside ports.

I'm looking for an example of either configuration and confirmation that the ASA can handle this setup (not load balancing or failover).

One connection is used for outbound Internet traffic and the other is used for inbound traffic to natted servers.

Thanks.

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello Lcaruso,

As you know, with the ASA you can only have one active default gateway at a time (in the routing table you can have only one default route over a specific interface).

Now let's say you have a server that you would like to access on port 80 from outside using a different IP address than the one it uses with outbound packets.

I will do:

static (inside,outside) tcp interface 80 192.168.12.2 80
nat (inside) 2 192.168.2.2
global (outside) 2 4.2.2.2

In this case incoming traffic on port 80 will need to point to the outside interface.

Any other traffic initiated on the server side will look like 4.2.2.2 instead of the outside interface.

PPPoE setup on ASAs:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080ab7ce9.shtml

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

3 Replies

Thanks much for the link and your example.

Not sure if I have it all down.

outside1 is the interface connected to the ASA's default gateway

outside2 is the interface for incoming server connections

local address 192.168.100.12 will be made available on port 80

ala 8.3+

object network 192.168.100.12
 host 192.168.100.12
 nat (inside,outside2) static interface service tcp www www

object network inside-network
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside1) dynamic

route outside1 0.0.0.0 0.0.0.0 foobar

Does that work?

Hello,

You should also have a default gateway pointing to outside 2 and of course the ACL permitting the inbound traffic on outside 2.

I have seen it working, so go ahead and try it and keep us posted.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
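
Added example, not part of the original thread and not taken from the linked Cisco document: a consolidated ASA 8.3+ sketch of the setup discussed above, with dynamic PPPoE on outside1 for outbound traffic, static-address PPPoE on outside2 for the published web server, the second default route, and an inbound ACL limited to tcp/80. The physical interface names, VPDN group names, object and ACL names, PAP authentication, the 203.0.113.10 address, the distance of 254 and every `<...>` placeholder are assumptions; the default route on outside1 is taken from `setroute` here instead of the static `route` line in the thread.

```cisco
! Constructed example. Names, credentials and addresses are placeholders.
! ISP1: dynamic PPPoE, carries outbound Internet traffic
vpdn group ISP1 request dialout pppoe
vpdn group ISP1 localname <isp1-username>
vpdn group ISP1 ppp authentication pap
vpdn username <isp1-username> password <isp1-password>
! ISP2: PPPoE with a fixed address, carries inbound server traffic
vpdn group ISP2 request dialout pppoe
vpdn group ISP2 localname <isp2-username>
vpdn group ISP2 ppp authentication pap
vpdn username <isp2-username> password <isp2-password>
!
interface GigabitEthernet0/0
 nameif outside1
 security-level 0
 pppoe client vpdn group ISP1
 ! Address assigned by the ISP; setroute installs the default route
 ip address pppoe setroute
!
interface GigabitEthernet0/1
 nameif outside2
 security-level 0
 pppoe client vpdn group ISP2
 ! Manually specified address (203.0.113.10 is a documentation address)
 ip address 203.0.113.10 255.255.255.255 pppoe
!
! Second default route on outside2 with a higher administrative distance,
! so outside1 stays the active default for new outbound connections
route outside2 0.0.0.0 0.0.0.0 <isp2-gateway> 254
!
object network web-server
 host 192.168.100.12
 nat (inside,outside2) static interface service tcp www www
object network inside-network
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside1) dynamic interface
!
! On 8.3+ the ACL matches the real (pre-NAT) address; permit only tcp/80
access-list outside2_in extended permit tcp any host 192.168.100.12 eq www
access-group outside2_in in interface outside2
```

After applying, `show vpdn session pppoe state` and `show route` confirm that both sessions are up and that only one default route is active.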