• Status: Solved
  • Priority: Medium
  • Security: Public

Configuring pix 501 using pppoe

Ok.. First off. I do not know much at all about PIX configuration so please be easy on me if this is an easy fix.
Basically, I am trying to configure this pix correctly so I can access the internet, etc. I connect using pppoe and I am pretty sure that I set it up correctly in the config. I will paste it below. I just have one machine that I want to have access to the outside world. I can not ping ANYTHING beyond the firewall. I have a speed stream modem that SBC provided. Please let me know if there is any more information you need in order to help me out with this problem. Thanks!
Larissa

interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password UI2uR.nM.8BH3.zE encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname lhuckaby
vpdn group ISP ppp authentication pap
vpdn username lhuckaby password ********
dhcpd address 192.168.1.5-192.168.1.10 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 100

Asked: onsite_tech

minmei Commented:
Without access lists, no pings will go thru.

access-list inbound permit icmp any any

access-group inbound in interface outside

That would allow pings through.

The pppoe stuff looks good.

Joesmail Commented:
This article explains everything you need to know about how to set up a 501 to use your PPPoE client on a PIX 501.

http://www.cisco.com/warp/public/110/pppoe-for-pix501.html#table2

onsite_tech Author Commented:
Ok... To minmei... I did not think that I would have to set up an access list to ping outside of the network... I thought that by default all traffic can go out but not come back in unless you initialize the connection first. So what I can't figure out is why can't I get to the outside world? If someone could look at my config and tell me why, it would be great. It is becoming so frustrating because I have wasted a LOT of hours trying to get it to work. Any ideas would be greatly appreciated. Thanks

minmei Commented:
You are correct for tcp and udp ports, if the session is initiated from the inside, the PIX lets the traffic back. ICMP needs to be explicit, tho.

Is the speed stream modem doing pppoe? Last customer I had with this config had the hardest time taking pppoe off the speedstream so the PIX could do it.

If you plug in a PC directly behind the speedstream does it get an ip and get out to the internet?
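
As an added example (not part of any reply in this thread), a small Python check over a PIX 6.x style config that reports the two points discussed so far: whether the PPPoE client pieces are complete, and whether ICMP replies to inside pings can come back in. The `audit` function and its finding codes are made up for this illustration, the sample text is built from lines of the posted config, and flagging an untyped `permit icmp any any` (as opposed to a rule limited to a type such as `echo-reply`) goes beyond what the thread states.

```python
import re

# Constructed sample: the PPPoE and NAT lines of the config posted above.
POSTED = """\
ip address outside pppoe setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
vpdn group ISP request dialout pppoe
vpdn group ISP localname lhuckaby
vpdn group ISP ppp authentication pap
vpdn username lhuckaby password ********
"""
# The two lines suggested in the first reply.
ICMP_ANY = """\
access-list inbound permit icmp any any
access-group inbound in interface outside
"""

def audit(config):
    """Return finding codes (hypothetical names) for a PIX 6.x config given as text."""
    cfg = "\n".join(line.strip() for line in config.splitlines())
    def find(pattern):
        return re.findall(pattern, cfg, re.M)
    out = []
    if find(r"^ip address outside pppoe\b"):
        # The PPPoE client needs a dialout group, a local name and a matching user.
        if not find(r"^vpdn group \S+ request dialout pppoe$"):
            out.append("pppoe-no-dialout-group")
        names = find(r"^vpdn group \S+ localname (\S+)")
        users = find(r"^vpdn username (\S+) password ")
        if not names or not set(names) <= set(users):
            out.append("pppoe-localname-without-username")
        if not find(r"^ip address outside pppoe setroute$"):
            out.append("pppoe-no-default-route")
    # Every inside NAT id (except 0, which means "no translation") needs a global with that id.
    if set(find(r"^nat \(inside\) (\d+) ")) - set(find(r"^global \(outside\) (\d+) ")) - {"0"}:
        out.append("nat-without-global")
    # ICMP replies only return through an ACL bound inbound on the outside interface.
    bound = find(r"^access-group (\S+) in interface outside$")
    rules = [r for acl in bound
             for r in find(rf"^access-list {re.escape(acl)} permit icmp (.*)$")]
    if not rules:
        out.append("icmp-replies-dropped")
    elif any(r.strip() == "any any" for r in rules):
        out.append("icmp-all-types-permitted")
    return out
```

On the posted config this reports only the missing ICMP rule, which matches the reading that the PPPoE lines themselves are complete and the fault lies elsewhere.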

onsite_tech Author Commented:
Yes, when I plug my laptop directly behind the modem, I get an IP and I am able to access the internet. As soon as I hook up the Firewall, I can no longer access anything. I accessed the modem and it is set to PPPOE. Would I change this and if so what would I change it to? Any other ideas would be greatly appreciated!

Larissa

minmei Commented:
If you give me the model number of the speedstream I could get you the docs and try to lead you through the config...

The PIX will never work doing PPPOE if the speedstream is already doing it.

We could try another way and set up the pix behind the speedstream without pppoe. Your call.

onsite_tech Author Commented:
Oh thank you.. I have a speed stream 5100.... Whichever way you think is easiest. :)

Larissa

minmei Commented:
Here's the info on how to turn the ss5100 into an ethernet bridge to allow the PIX to do pppoe:

How can I put the 5100b in bridge mode? (#8722)  
A: The modem itself, with the shipped firmware, supports 3 modes; PPPoE on board, Bridge mode, Bridge mode with IP Address pass Issuance. To put the modem in Bridge mode do the following:

1. In your web browser browse to 192.168.0.1. This address will be located on a yellow sticker on the bottom of your modem.

2. The first screen will ask you for your Modem Access Code. This also will be located on the same yellow sticker.

3. Select Advanced from the blue buttons on the left.

4. Click the PPP locations button.

5. The modem may ask you for the Modem Access Code again. If so type it in again and click continue.

6. Select the radio button labeled, "Bridged Mode (PPPoE is not used)"

7. Click Save Changes.

8. A "PPP Location Warning" page will come up. Click "Change PPP Location."

9. A "Restart Needed" page will come up. Click "Restart"

10. Reboot your computer and router (if applicable.) You will now need some form of PPPoE software on your computer or a router that supports PPPoE. Be warned that even if you are using Enternet 300 or XP/OSX's built in PPPoE SBC tech support will not troubleshoot connectivity issues until you have put your modem back in PPPoE on board mode.
 