[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 963
  • Last Modified:

Cisco SB107 with a PPPoA connection and Watchguard Edge X10

I had previously setup this site using a Watchguard Edge X10 firewall with a Cisco SB107 router in pure bridging (RFC1483). On the Watchguard I had then entered the details for the PPPoE authentication, and everything has been working fine.

At the time, they were using an ISP that supported both PPPoA and PPPoE.

Now they have changed ISP and the new one uses only PPPoA (with CHAP authentication).

How can I approach the problem? I have heard of half-bridging, this method should let my ISP assign the IP to my router which would have DHCP server active. The IP would then be spoofed onto the Watchguard firewall, which would have the WAN interface set in DHCP client mode. And my LAN would be set with LAN addresses (192.xxx.xxx.xxx). This should work isn't it?

However, this ISP gives 8 static IPs. Actually we are not interested in those IPs, having only one would be fine if this is the only way I can approach the problem. Instead if I wanted to use also those IP addresses what should I do??

Please help me, this is quite urgent as they are experiencing problems with the other ISP and need to switch as soon as possible!
0
ssardella
Asked:
ssardella
  • 2
1 Solution
 
dpk_walCommented:
XEdge does not support PPPoA; so configuring modem/router (cisco device) in bridge mode would not help. In this case the id possible configure modem to send all incoming public IPs to X10 and then assign one public IP to X10. Configure modem to not block anything and forward everything to X10.

X10 would act as if it was directly on the internet; if you are running 10.x you can configure 1-1 NAT and use these public addresses.

the setup would be like:
Internet---modem----X10--internal network

If you configure X10 to be on NATted IP behind the modem, then please put a static IP so you can forward all ports/protocols to the IP of X10.

Thank you.
0
 
ssardellaAuthor Commented:
I know that edge doesn't support PPPoA, infact I wanted to use the half-bridging method to use the router to authenticate using PPPoA and get the IP, which then would be assigned to the firewall using DHCP.  don't you think this is possible?

internet >> router (half-bridged; authenticates and gets the IP; DHCP server active) >> firewall (set to DHCP client, gets WAN IP)

according to what I've read around, this should work...what do you think?

By the way, forgot to tell in previous post. the ISP told me that I should set the router to IP Negotiation to get IP addresses.

otherwise, how should I set up what you said on the router?
0
 
dpk_walCommented:
Half-bridged mode would work; but if you would get dynamic IP on X10 there would be problems with things like VPN. Also, if you are on version 7.x then you cannot configure 1-1 NAT for other public IP addresses as you have and use for any public serves as you have.

I am not 100% sure about configuring the cisco router so would not be able to assist you with the configuration.

If you do not have public servers behind X10 and do not need VPN functionality then half-bridge mode would work like charm.

Thank you.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now