Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Comcast static address and PIX501

Posted on 2006-07-13
Medium Priority
Last Modified: 2013-11-16
We have a comcast business with a static addresss up purchased a pix501 to do vpn and site to site ect.  The issue we are having is the comcast modem with the SMC router will not go into bridge mode and let the cisco pix501 have the static address assigned to it.  If we put the pix in to dhcp mode we get assigned a diffrent ip than our static but we can use the web ect.  Any ideas or leads on where to get this resolved. Comcast and Cisco are both pointing fingers as well as SMC.

our pix is current IOS PDM  

Question by:Steven Church
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6

Expert Comment

ID: 17105233
OHHHHHHH, i have the same problem when I first signed up for the comcast business with 5 public IPs.  I called comcast support for 2 weeks on them fixing this and for some reason hardly anybody knew how to do this.

Turning the crapy smc modem/router to bridge mode is simply turning off the DHCP.  Of course before this happens make sure comcast did upload a file to the crapy smc modem/router so you can have your 5 public IPs or else it won't work.  Then make sure your PIX route is pointing to the comcast Default-Gateway (DG).  So let's say your public IP range is: to

Then I believe the command is:  route 0 0
then assign your outside interface on your pix of
Then you can do your static translations and ACLs.  of course make sure you have the nat and global configuration so you can do NATing and PATing.


Author Comment

by:Steven Church
ID: 17105562
We only have 1 static Ip address. We had a similar issue with a linksys rv042 and they had to downgrade the firmware on the smc pos.... I will sure give it a shot. I will let you know.

Thanks for some direction

Expert Comment

ID: 17117312
with only 1 static public ip address it will work as well.

static public ip
your dg should be :

then give your outside interface on your pix the with a dg of

Let me know how it goes because this entire ordeal I had with comcast really upset me that they can't support their product.

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Author Comment

by:Steven Church
ID: 17147929
No go on that solutions, I thought we had tried that once and it still doesnt work. The cisco powers up, then the smc freaks out and not traffic between the smc and cisco.

Back to the drawing board.  We have talked with 4 levels into comcast land and they say oh nope that wont work sorry to bad.

Any more ideas or thingss to try would be great!


Expert Comment

ID: 17150532
Please post your PIX configuration.


Author Comment

by:Steven Church
ID: 17185831
Here is the config. its stock out of the box with very little configured.

Building configuration...
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password /YkVqZmBD0uSVWHm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname mail.
domain-name rrpark.org
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list outside_access_in permit tcp any any
access-list outside_access_in permit udp any any
access-list outside_access_in permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm location inside
pdm location inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
access-group outside_access_in in interface outside
route outside 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
username assured password QRz9eoLBtoiM0kwY encrypted privilege 15
terminal width 80
: end


Expert Comment

ID: 17188739
This is what I would do.  Do the dhcp and see what IP address you are receiving from http://www.whatismyip.com

so let's say it's:

this ip address should match the default gateway to the email you got from your sales person who opened up the account for you.

also, in the email it should say specifically what is your static public ip address.  from your configuration it looks solid with very little modification to it and should allow your internal nodes internet access.

Let me know if I'm wrong in any of my statements.


Author Comment

by:Steven Church
ID: 17234123
The info listed is what comcast gave us via phone, nothing was sent out via email.

Author Comment

by:Steven Church
ID: 17344842
Comcast has contacted us and the are installing a new model of the smc modem next week. I will update the info as we get it!  

Accepted Solution

Pentrix2 earned 1000 total points
ID: 17351322
Thanks for the update.  :)


Author Comment

by:Steven Church
ID: 17586741
After waiting for comcast to send out a biz tech with the modem, they have pulled the new smc back for more testing.   We have had the interface rebuild twice to just keep the current vpn on the RV042 alive.

Expert Comment

ID: 17588188
The thing that fixed it on my side was the business techs had to replace some kind of board outside my building.  Something like if it's reading -25 then it's good.  It's the box that your facility should be sharing.

Author Comment

by:Steven Church
ID: 17589564
I will ask, our local tech is a good friend.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17681673
Steven, I need an update here please as it has expired again.

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question