• Status: Solved

ADSL -> Cisco 800 -> Fortinet 60 -> LAN

Hi all,

I have a Cisco 800 and a Fortinet 60 that I am trying to get working together.

My setup is: ADSL -> Cisco 800 -> Fortinet 60 -> LAN

Currently clients from the LAN can browse, and everything can ping the next in the series, but I am unable to get external traffic to come in (I am trying to get the PPTP server on the Fortinet working).

I think the problem is the Cisco, so would appreciate any help getting this going.

Thanks

-red
 
lrmoore Commented:
Have you considered putting your router in bridge mode?

bridge 1 protocol ieee
interface dialer 0
 no ip address
 bridge-group 1
interface vlan 1
 no ip address
 bridge-group 1

This should allow the FortiGate to do the PPPoA authentication and get the public IP address.
 
redseatechnologies (Author) Commented:
I had considered that, and would happily do so (that was actually my thought on the first question). The thing I am not sure of there is: will the FortiGate be able to handle the authentication when the router has the modem?

Thanks lrmoore.
 
lrmoore Commented:
Unfortunately, I don't know the fortigate product...
 
redseatechnologies (Author) Commented:
Me either :/

So assuming I can't find a way to make the fortigate do the authentication, how can I make the cisco router do the authentication and still allow everything through?
 
redseatechnologies (Author) Commented:
OK, the fortigate will not do the authentication.

So, I suppose my only other option is to double NAT this puppy, or take it out entirely - either of which I would be happy to do.

I have a feeling that I tried natting dialer0 across, but there were problems.

As it is PPTP, I want to do a 1:1 NAT of our dialer0 IP to a single LAN IP, and then still allow other clients to get out - is that possible?

so,

ip nat inside source static 192.168.x.x dialer0

?

Thanks,

-red
 
shver Commented:
According to the documentation at:

http://docs.forticare.com/fgt/install/FortiGate-60_series_Install_Guide_01-30004-0266-20070615.pdf,

the Fortigate 60 will do PPPoE authentication.  Your Service Provider should be able (or already is) to provision your line as PPPoE.  This means you can put your Cisco 800 in bridge mode and use the FortiGate to do auth.  

With the live IP now at the FortiGate you can then open services for external access.

I have done this with a number of FortiGate and Netscreen devices with no issues.
 
redseatechnologies (Author) Commented:
It does have the PPPoE section, and I have tried putting in the same details as is in my config (at the start of this Q) and it is still not playing nicely.

Is there anything else that I would need to do, bearing in mind that my cisco config is connecting fine, to make this work?

Thanks shver

-red
 
shver Commented:
Your Cisco is running in PPPoA mode. You'll need to talk to your service provider about getting PPPoE enabled. Then simply follow the instructions from lrmoore above to set your Cisco to bridge mode and try your PPPoE auth on the FortiGate again.

Good luck.
 
redseatechnologies (Author) Commented:
Ahhhh, got it, leave it with me

Thanks

-red
 
redseatechnologies (Author) Commented:
OK, long story short - it isn't going to work.

I have spoken to my supplier, and fortunately because of who my client is, they are going to take back this Forti, replace it with one with a built in ADSL modem, and then I will remove the Cisco unit altogether.

Thank you both for your help.

-red