Re: Simple scenario for PIX

From: john matijevic (john.matijevic@gmail.com)
Date: Tue Aug 08 2006 - 13:14:01 ART


Hello Aamir,
Let's take this offline since this does not relate to the routing and
switching exam. Basically, if you set up bridge mode, you turn off NAT and
DHCP on the router, then you have to set up PPPoE on the PIX; you need to put
"ip address outside pppoe" on the PIX. If you need assistance, I can help you
since I have set up numerous PIXes with PPPoE and static. But your ISP will
tell you if your router can be set to bridge mode for PPPoE, and they should
help you disable the NAT and the DHCP on the router.
Sincerely,
John

On 8/8/06, Jens Petter <jenseike@start.no> wrote:
>
> Your ISP needs a route to that linknet between PIX and ADSL router. You
> should bridge the ADSL router and you are good to go...
>
> Jens
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Aamir Aziz
> Sent: 8. august 2006 17:44
> To: Guyler, Rik
> Cc: ccielab@groupstudy.com
> Subject: Re: Simple scenario for PIX
>
> No, I meant that the ADSL router is getting a dynamic public IP from the
> ISP. The question is what network do I configure between the PIX and ADSL
> router: public (but I don't have any static IPs from the ISP) or private
> (doesn't seem to work with private), so what to do?
>
> Thanks
> Aamir
>
> On 8/8/06, Guyler, Rik <rguyler@shp-dayton.org> wrote:
> >
> > Aamir, you say that you should be getting a dynamic address from the ISP
> > but yet it appears that you statically set the address on the outside
> > interface. Weird but true...I've seen some devices not allow you through
> > unless you actually get your address from that device, regardless if you
> > use the same address or not.
> >
> > Try using "ip address outside dhcp setroute" as an alternative.
> >
> > Also, whenever I set up DSL or cable Internet access, I like to have the
> > ISP device set up as a bridge so I can terminate the public address on my
> > firewall. That way I can configure all the security myself as well as
> > remote access, which will likely need some form of dynamic DNS since you
> > are getting a dynamic address. The downside to doing this is that if you
> > are using PPPoE, you will have to set up those parameters on your PIX
> > instead of the DSL device.
> >
> > Rik
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Aamir Aziz
> > Sent: Tuesday, August 08, 2006 10:58 AM
> > To: ccielab@groupstudy.com
> > Subject: Simple scenario for PIX
> >
> > Hi there ppl
> >
> > I have a simple scenario for PIX 506E but I can't seem to get it working;
> > any help is appreciated:
> >
> > ADSL Router ----------PIX 506E-----------PC
> >
> > ADSL Router is getting dynamic public IP from ISP.
> > ADSL router Local IP is = 10.1.1.1
> >
> > PIX outside = 10.1.1.2
> > PIX inside = 192.168.1.2
> >
> > PC = 192.168.1.1
> >
> > PIX Version 6.3(5)
> > ip address outside 10.1.1.2
> > ip address inside 192.168.1.2 255.255.255.0
> > ip audit info action alarm
> > ip audit attack action alarm
> > pdm logging informational 100
> > pdm history enable
> > arp timeout 14400
> > global (outside) 1 interface
> > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> > route outside 0.0.0.0 0.0.0.0 10.1.1.1
> >
> > The ADSL router (Linksys) is also doing NATing. I have no static public IP.
> >
> > But net is not working on the PC, what am I missing here?
> >
> > Thanks
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

-- 
John Matijevic
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)
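
Added example, not part of the original thread or written by any of its posters: a PIX 6.3 configuration sketch for the bridged-modem setup the replies describe, where the PIX runs the PPPoE client and receives the public address itself. The group name "isp", ISP_USER, ISP_PASSWORD and the choice of PAP are assumptions; the ISP dictates the real credentials and authentication method.

```cisco
: Added example for PIX 6.3 with the ADSL device in bridge mode.
: Lines beginning with a colon are comments.
: "isp", ISP_USER and ISP_PASSWORD are placeholders, not values from the thread.

: Drop the static default route that pointed at the NATing router
no route outside 0.0.0.0 0.0.0.0 10.1.1.1

: PPPoE client: dial-out group and the credentials issued by the ISP
vpdn group isp request dialout pppoe
vpdn group isp localname ISP_USER
vpdn group isp ppp authentication pap
vpdn username ISP_USER password ISP_PASSWORD

: Take the outside address from the PPPoE session (replaces 10.1.1.2)
: and install the default route learned from the ISP
ip address outside pppoe setroute

: Leave room for the 8-byte PPPoE header on the outside link
mtu outside 1492

: Inside addressing and PAT stay as in the original post
ip address inside 192.168.1.2 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
```

With the modem bridged, the PIX outside interface holds the public address directly, so no upstream NAT device filters inbound traffic and the PIX policy is the only one in front of the inside network.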


This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART