GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Simple scenario for PIX posted 08/08/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hello Aamir,
First of all you have to go into the configuration on the dsl modem and
usually this is in expert mode, there is an option that you set to bridge.
You also need to confirm with your ISP that the connction is set to bridge
mode. Next you would have to go and put pppoe commands first on the pix,
before you set the interface, otherwise you will have some issues..
Sincerely,
John


On 8/8/06, Aamir Aziz <aamiraz77@xxxxxxxxx> wrote:
>
> how do i bridge the ADSL router?
>
> thanks
> Aamir
>
> On 8/8/06, Jens Petter <jenseike@xxxxxxxx> wrote:
> >
> > Your isp needs a route to that linknet between pix and adsl router.. You
> > should
> > Bridge the adsl router and you are good to go...
> >
> > Jens
> >
> > -----Original Message-----
> > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> > Aamir Aziz
> > Sent: 8. august 2006 17:44
> > To: Guyler, Rik
> > Cc: ccielab@xxxxxxxxxxxxxx
> > Subject: Re: Simple scenario for PIX
> >
> > No i meant that the ADSL router is getting dynamic public IP from ISP,
> the
> > question is what network do i configure between the PIX and ADSL router,
> > public (but i dont have any static IP's from ISP) or private (doesnt
> seem
> > to
> > work with private) so what to do?
> >
> > Thanks
> > Aamir
> >
> > On 8/8/06, Guyler, Rik <rguyler@xxxxxxxxxxxxxx> wrote:
> > >
> > > Aamir, you say that you should be getting a dynamic address form the
> ISP
> > > but
> > > yet it appears that you statically set the address on the outside
> > > interface.
> > > Weird but true...I've seen some devices not allow you through unless
> you
> > > actually get your address from that device, regardless if you use the
> > same
> > > address or not.
> > >
> > > Try using "ip address outside dhcp setroute" as an alternative.
> > >
> > > Also, whenever I setup DSL or cable Internet access, I like to have
> the
> > > ISP
> > > device setup as a bridge so I can terminate the public address on my
> > > firewall.  That way I can configure all the security myself as well as
> > > remote access, which will likely need some form of dynamic DNS since
> you
> > > are
> > > getting a dynamic address.  The downside to doing this is that if you
> > are
> > > using PPPOE, you will have to setup those parameters on your PIX
> instead
> > > of
> > > the DSL device.
> > >
> > > Rik
> > >
> > > -----Original Message-----
> > > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
> Of
> > > Aamir Aziz
> > > Sent: Tuesday, August 08, 2006 10:58 AM
> > > To: ccielab@xxxxxxxxxxxxxx
> > > Subject: Simple scenario for PIX
> > >
> > > Hi there ppl
> > >
> > > I have a simple scenario for PIX 506E but i cant seem to get it
> working,
> > > any
> > > help is appreciated:
> > >
> > > ADSL Router ----------PIX 506E-----------PC
> > >
> > > ADSL Router is getting dynamic public IP from ISP.
> > > ADSL router Local IP is = 10.1.1.1
> > >
> > > PIX outside = 10.1.1.2
> > > PIX inside = 192.168.1.2
> > >
> > > PC = 192.168.1.1
> > >
> > > PIX Version 6.3(5)
> > > ip address outside 10.1.1.2
> > > ip address inside 192.168.1.2 255.255.255.0 ip audit info action alarm
> > ip
> > > audit attack action alarm pdm logging informational 100 pdm history
> > enable
> > > arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0
> > > 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 10.1.1.1
> > >
> > > The ADSL router (Linksys) is also doing NATing. I have no static
> public
> > > IP.
> > >
> > > But net is not working on the PC, what am I missing here?
> > >
> > > Thanks
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>



-- 
John Matijevic
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)