RE: Simple scenario for PIX

From: Jens Petter (jenseike@start.no)
Date: Tue Aug 08 2006 - 13:25:15 ART


Hi... Why would you need to do pppoe or pppoa (whatever he uses on the pix)?
Most adsl modems you can do this on even in bridge mode. We are delivering
pppoa and pppoe using modems/routers (netopia and cisco) that we are
bridging. Most also can do a router/bridge mix mode where you are using the
same ip address for the wan and Ethernet interface, hence your wan/Ethernet
interface address on the adsl modem is the DG of the ip address you set on
the pix. Don't think that is possible in this scenario since he is doing
dhcp. Disabling nat/dhcp is a no-brainer if you do bridge mode; that will
disable itself in most cases when you set the router to bridge mode.

 

Jens

 

  _____

From: john matijevic [mailto:john.matijevic@gmail.com]
Sent: 8. august 2006 18:14
To: Jens Petter
Cc: Aamir Aziz; Guyler, Rik; ccielab@groupstudy.com
Subject: Re: Simple scenario for PIX

 

Hello Aamir,

Let's take this offline since this does not relate to the routing and
switching exam. Basically, if you set up bridge mode, you turn off nat and
dhcp on the router, then you have to set up pppoe on the pix; you need to put
ip address outside pppoe on the pix. If you need assistance, I can help you
since I have set up numerous pixes with pppoe and static. But your ISP will
tell you if your router can be set to bridge mode for pppoe and they should
help you disable the nat and the dhcp on the router.

Sincerely,

John

 

On 8/8/06, Jens Petter <jenseike@start.no> wrote:

Your isp needs a route to that linknet between pix and adsl router. You
should bridge the adsl router and you are good to go...

Jens

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Aamir Aziz
Sent: 8. august 2006 17:44
To: Guyler, Rik
Cc: ccielab@groupstudy.com
Subject: Re: Simple scenario for PIX

No, I meant that the ADSL router is getting a dynamic public IP from the ISP; the
question is what network do I configure between the PIX and ADSL router,
public (but I don't have any static IPs from the ISP) or private (doesn't seem to
work with private), so what to do?

Thanks
Aamir

On 8/8/06, Guyler, Rik <rguyler@shp-dayton.org> wrote:
>
> Aamir, you say that you should be getting a dynamic address from the ISP
> but yet it appears that you statically set the address on the outside
> interface. Weird but true...I've seen some devices not allow you through
> unless you actually get your address from that device, regardless if you
> use the same address or not.
>
> Try using "ip address outside dhcp setroute" as an alternative.
>
> Also, whenever I set up DSL or cable Internet access, I like to have the
> ISP device set up as a bridge so I can terminate the public address on my
> firewall. That way I can configure all the security myself as well as
> remote access, which will likely need some form of dynamic DNS since you
> are getting a dynamic address. The downside to doing this is that if you
> are using PPPOE, you will have to set up those parameters on your PIX
> instead of the DSL device.
>
> Rik
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Aamir Aziz
> Sent: Tuesday, August 08, 2006 10:58 AM
> To: ccielab@groupstudy.com
> Subject: Simple scenario for PIX
>
> Hi there ppl
>
> I have a simple scenario for PIX 506E but I can't seem to get it working;
> any help is appreciated:
>
> ADSL Router ----------PIX 506E-----------PC
>
> ADSL Router is getting dynamic public IP from ISP.
> ADSL router Local IP is = 10.1.1.1
>
> PIX outside = 10.1.1.2
> PIX inside = 192.168.1.2
>
> PC = 192.168.1.1
>
> PIX Version 6.3(5)
> ip address outside 10.1.1.2
> ip address inside 192.168.1.2 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> route outside 0.0.0.0 0.0.0.0 10.1.1.1
>
> The ADSL router (Linksys) is also doing NATing. I have no static public IP.
>
> But net is not working on the PC, what am I missing here?
>
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
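
The two setups proposed in this thread, written out as PIX 6.3 configuration. This is an added example, not configuration posted by anyone in the thread; the vpdn group name ISP and the ISP_USERNAME / ISP_PASSWORD values are placeholders, and PAP is an assumption (use whatever authentication the ISP requires).

```cisco
: Added example for PIX 6.3. Lines starting with ":" are comments.
: ISP, ISP_USERNAME and ISP_PASSWORD are placeholders (assumptions).

: --- Option A: ADSL router stays routed and keeps doing NAT/DHCP ---
: The PIX takes its outside address and default route from the router,
: so the static default route from the original post is removed.
no route outside 0.0.0.0 0.0.0.0 10.1.1.1
ip address outside dhcp setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: Traffic is translated twice (PIX, then router); the public address
: still terminates on the router, not on the firewall.

: --- Option B: ADSL router in bridge mode, PPPoE terminated on the PIX ---
: NAT and DHCP are switched off on the router; the PIX dials the ISP itself.
vpdn group ISP request dialout pppoe
vpdn group ISP localname ISP_USERNAME
vpdn group ISP ppp authentication pap
vpdn username ISP_USERNAME password ISP_PASSWORD
ip address outside pppoe setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: The ISP-assigned public address now sits on the PIX outside interface,
: so inbound filtering and remote access policy are configured there.

: --- Either option: confirm the address and default route were learned ---
show ip address
show route
```

Only one of the two options is applied at a time; the dynamic public address in option B changes between sessions, which is why the thread mentions dynamic DNS for remote access.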



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART