Solved

Comcast static address and PIX501

Posted on 2006-07-13
Last Modified: 2013-11-16
We have a Comcast business with a static address and purchased a PIX501 to do VPN and site-to-site, etc.  The issue we are having is the Comcast modem with the SMC router will not go into bridge mode and let the Cisco PIX501 have the static address assigned to it.  If we put the PIX into DHCP mode we get assigned a different IP than our static, but we can use the web, etc.  Any ideas or leads on where to get this resolved? Comcast and Cisco are both pointing fingers, as well as SMC.

our pix is current IOS PDM  

Question by:StevenChurch
17 Comments
 
LVL 9

Expert Comment

by:Pentrix2
OHHHHHHH, I had the same problem when I first signed up for the Comcast business with 5 public IPs.  I called Comcast support for 2 weeks about them fixing this, and for some reason hardly anybody knew how to do this.

Turning the crappy SMC modem/router to bridge mode is simply turning off the DHCP.  Of course, before this happens make sure Comcast did upload a file to the crappy SMC modem/router so you can have your 5 public IPs, or else it won't work.  Then make sure your PIX route is pointing to the Comcast Default-Gateway (DG).  So let's say your public IP range is:

7.7.7.7 to 7.7.7.11
DG 7.7.7.12

Then I believe the command is:  route 0 0 7.7.7.12
Then assign your outside interface on your PIX the address 7.7.7.7.
Then you can do your static translations and ACLs.  Of course, make sure you have the nat and global configuration so you can do NATing and PATing.

Pentrix2
0
 
LVL 1

Author Comment

by:StevenChurch
We only have 1 static IP address. We had a similar issue with a Linksys RV042 and they had to downgrade the firmware on the SMC pos.... I will sure give it a shot. I will let you know.

Thanks for some direction
0
 
LVL 9

Expert Comment

by:Pentrix2
With only 1 static public IP address it will work as well.

Static public IP:
7.7.7.7
Your DG should be:  7.7.7.8

Then give your outside interface on your PIX the 7.7.7.7 with a DG of 7.7.7.8

Let me know how it goes, because this entire ordeal I had with Comcast really upset me, that they can't support their product.

Pentrix2
0
 
LVL 1

Author Comment

by:StevenChurch
No go on that solution. I thought we had tried that once and it still doesn't work. The Cisco powers up, then the SMC freaks out and no traffic between the SMC and Cisco.

Back to the drawing board.  We have talked with 4 levels into Comcast land and they say oh nope, that won't work, sorry, too bad.

Any more ideas or things to try would be great!

Steven
0
 
LVL 9

Expert Comment

by:Pentrix2
Please post your PIX configuration.

David
0
 
LVL 1

Author Comment

by:StevenChurch
Here is the config. It's stock out of the box with very little configured.

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password /YkVqZmBD0uSVWHm encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname mail.
domain-name rrpark.org
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside_access_in permit tcp any any
access-list outside_access_in permit udp any any
access-list outside_access_in permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 70.91.187.189 255.255.255.0
ip address inside 192.168.254.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.254.0 255.255.255.0 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 70.91.187.190 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
username assured password QRz9eoLBtoiM0kwY encrypted privilege 15
terminal width 80
Cryptochecksum:7ecc5db756cda694cfb441ae42b9b7b8
: end
[OK]

0
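An added example, not part of the original thread: a small Python check run over a few lines copied from the configuration posted above. It flags the permit-any ACL bound to the outside interface, the default SNMP community, management access open to any inside address, and a route whose gateway is not on the interface's subnet (the on-link requirement the thread keeps returning to). The function name and finding codes are hypothetical.

```python
import ipaddress

# Constructed sample: a few lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
access-list outside_access_in permit tcp any any
access-list outside_access_in permit udp any any
access-list outside_access_in permit icmp any any
ip address outside 70.91.187.189 255.255.255.0
ip address inside 192.168.254.253 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 70.91.187.190 1
http 0.0.0.0 0.0.0.0 inside
snmp-server community public
telnet 0.0.0.0 0.0.0.0 inside
"""

def audit_pix_config(text):
    """Return sorted finding codes (hypothetical names) for a PIX 6.3-style config."""
    findings = set()
    nets, acl_any, bound_outside, routes = {}, set(), set(), []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["ip", "address"] and len(tok) == 5 and tok[3] != "dhcp":
            # Statically addressed interface: remember its subnet.
            nets[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[0] == "access-list" and tok[2:3] == ["permit"] and tok[4:] == ["any", "any"]:
            acl_any.add(tok[1])            # ACL entry with no source/destination limit
        elif tok[0] == "access-group" and tok[-1] == "outside":
            bound_outside.add(tok[1])      # ACL applied to the outside interface
        elif tok[0] == "route" and len(tok) >= 5:
            routes.append((tok[1], ipaddress.ip_address(tok[4])))
        elif tok[:3] == ["snmp-server", "community", "public"]:
            findings.add("SNMP_DEFAULT_COMMUNITY")
        elif tok[0] in ("telnet", "http") and len(tok) == 4 and tok[1:3] == ["0.0.0.0", "0.0.0.0"]:
            findings.add(f"{tok[0].upper()}_MGMT_FROM_ANY_{tok[3].upper()}")
    if acl_any & bound_outside:
        findings.add("OUTSIDE_ACL_PERMIT_ANY_ANY")
    for ifname, gateway in routes:
        # A next hop outside the interface's own subnet cannot be reached on-link.
        if ifname in nets and gateway not in nets[ifname]:
            findings.add(f"GATEWAY_OFF_LINK_{ifname.upper()}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print(finding)
```
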
 
LVL 9

Expert Comment

by:Pentrix2
This is what I would do.  Do the DHCP and see what IP address you are receiving from http://www.whatismyip.com

So let's say it's:
70.91.187.190

This IP address should match the default gateway in the email you got from your sales person who opened up the account for you.

Also, in the email it should say specifically what your static public IP address is.  From your configuration it looks solid with very little modification to it and should allow your internal nodes internet access.

Let me know if I'm wrong in any of my statements.

David
0
 
LVL 1

Author Comment

by:StevenChurch
The info listed is what Comcast gave us via phone; nothing was sent out via email.
0
 
LVL 1

Author Comment

by:StevenChurch
Comcast has contacted us and they are installing a new model of the SMC modem next week. I will update the info as we get it!
0
 
LVL 9

Accepted Solution

by:
Pentrix2 earned 250 total points
Thanks for the update.  :)

David
0
 
LVL 1

Author Comment

by:StevenChurch
After waiting for Comcast to send out a biz tech with the modem, they have pulled the new SMC back for more testing.   We have had the interface rebuilt twice just to keep the current VPN on the RV042 alive.
0
 
LVL 9

Expert Comment

by:Pentrix2
The thing that fixed it on my side was the business techs had to replace some kind of board outside my building.  Something like if it's reading -25 then it's good.  It's the box that your facility should be sharing.
0
 
LVL 1

Author Comment

by:StevenChurch
I will ask; our local tech is a good friend.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Steven, I need an update here please as it has expired again.
0
