Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cisco ASA 5505 w/ static IP and  PPPOE config

Posted on 2009-04-28
Medium Priority
Last Modified: 2012-08-22
Hi All,

This one is simple,

what are the commands to config a Cisco ASA 5505 with ATT PPPOE service with Static IP address?

ATT IP Block:
IP: 99.x.x.155
Gate: 99.x.x.158

User: user@att.net
pass: cisco5505
Question by:jetli87
  • 4
  • 2
LVL 15

Accepted Solution

WalkaboutTigger earned 2000 total points
ID: 24256974

So presuming you have a relatively current version of IOS loaded, use the following configuration example:

ASA Version 7.2(2) 
hostname ExampleASA5505
domain-name Example.com
enable password LongComplexPassword
route outside 99.x.x.158
interface Vlan1
 nameif inside
 security-level 100
 ip address 
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group Examplegroup
 ip address pppoe setroute 
 ip address 99.x.x.157 pppoe
interface Ethernet0/0
 switchport access vlan 2
 speed 10
 duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd *
boot system disk0:/asa722-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 domain-name Example.com
access-list OutsideAllowedIn extended permit icmp any any 
access-list Inside_nat0_outbound extended permit ip 99.x.x.155 
pager lines 24
logging console errors
logging buffered informational
logging history notifications
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ATTIPS 99.x.x.153-99.x.x.156
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 99.x.x.153
nat (inside) 0 access-list Inside_nat0_outbound
nat (inside) 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server vpn protocol radius
aaa-server vpn host
 key popchart1234
group-policy Exampleremote internal
group-policy Exampleremote attributes
 dns-server value
 vpn-tunnel-protocol IPSec 
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Exampleremote_splitTunnelAcl
 default-domain value Example.com
same-security-traffic permit intra-interface
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh inside
ssh timeout 25
console timeout 0
vpdn group Examplegroup request dialout pppoe
vpdn group Examplegroup localname user@att.net
vpdn group Examplegroup ppp authentication chap
vpdn username user@att.net password cisco5505 store-local
dhcpd auto_config outside
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect pptp
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
  inspect dns 
prompt hostname context 
: end 

Open in new window


Author Comment

ID: 24257036
Thanks for the Quick response.

I'm running IOS 8.0.4

To clarify,

even though it's a DSL Serivce with STATIC IP and PPPOE I would still need the following commands:

Line#21:   ip address pppoe setroute
Line#101:   dhcpd auto_config outside

LVL 15

Expert Comment

ID: 24257065

In your case "ip address pppoe setroute" is superfluous.

The second line should pick up dns settings from the ISP.  If they have assigned static DNS entries as well, use

dhcpd dns ipaddress interface inside

in lieu of the dhcpd auto...
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  


Author Comment

ID: 24257267
got it...thanks!

will test out and let you know.
LVL 15

Expert Comment

ID: 24310567
Did it work?

Expert Comment

ID: 37039261
Does this work under 8.4.2.  I am having the same issue with AT+T in that they way they assign IP addresses you have to include the pppoe information as well as the static IP address.  I am getting an error using on an ASA 5505
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group pppoe_group
 ip address pppoe setroute
 ip address 72.149.X.X pppoe_group
LVL 15

Expert Comment

ID: 37040850
Yes - scroll down through the configuration I posted and insure your pppoe_group is correctly configured with the credentials supplied by AT&T.  If, for some reason this does not work, open a new question and post the link to it here as a reply.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question