Cisco ASA 5505 w/ static IP and PPPOE config

Posted on 2009-04-28
Last Modified: 2012-08-22
Hi All,

This one is simple,

What are the commands to config a Cisco ASA 5505 with ATT PPPOE service with a static IP address?

ATT IP Block:
IP: 99.x.x.155
Sub: 255.255.255.248
Gate: 99.x.x.158

User: user@att.net
pass: cisco5505
Question by:jetli87

Accepted Solution

by:
WalkaboutTigger earned 2000 total points
ID: 24256974
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/pppoe.html

So presuming you have a relatively current version of IOS loaded, use the following configuration example:

 
ASA Version 7.2(2) 
!
hostname ExampleASA5505
domain-name Example.com
enable password LongComplexPassword
names
dns-guard
!
route outside 0.0.0.0 0.0.0.0 99.x.x.158
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0 
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group Examplegroup
 ip address pppoe setroute 
 ip address 99.x.x.157 255.255.255.248 pppoe
 
!
interface Ethernet0/0
 switchport access vlan 2
 speed 10
 duplex full
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd *
boot system disk0:/asa722-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.0.0.11
 name-server 10.0.0.13
 domain-name Example.com
access-list OutsideAllowedIn extended permit icmp any any 
access-list Inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 99.x.x.155 255.255.255.248 
pager lines 24
logging console errors
logging buffered informational
logging history notifications
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ATTIPS 99.x.x.153-99.x.x.156
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 99.x.x.153
nat (inside) 0 access-list Inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server vpn protocol radius
aaa-server vpn host 10.0.0.12
 key popchart1234
group-policy Exampleremote internal
group-policy Exampleremote attributes
 dns-server value 10.0.0.11 10.0.0.13
 vpn-tunnel-protocol IPSec 
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Exampleremote_splitTunnelAcl
 default-domain value Example.com
same-security-traffic permit intra-interface
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 25
console timeout 0
vpdn group Examplegroup request dialout pppoe
vpdn group Examplegroup localname user@att.net
vpdn group Examplegroup ppp authentication chap
vpdn username user@att.net password cisco5505 store-local
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect pptp
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
  inspect dns 
!
prompt hostname context 
: end 


Author Comment

by:jetli87
ID: 24257036
Thanks for the Quick response.

I'm running IOS 8.0.4

To clarify,

even though it's a DSL Service with STATIC IP and PPPOE I would still need the following commands:

Line#21:   ip address pppoe setroute
Line#101:   dhcpd auto_config outside

???

Expert Comment

by:WalkaboutTigger
ID: 24257065

In your case "ip address pppoe setroute" is superfluous.

The second line should pick up dns settings from the ISP. If they have assigned static DNS entries as well, use

dhcpd dns ipaddress interface inside

in lieu of the dhcpd auto...

Author Comment

by:jetli87
ID: 24257267
got it...thanks!

will test out and let you know.

Expert Comment

by:WalkaboutTigger
ID: 24310567
Did it work?

Expert Comment

by:brian_appliedcpu
ID: 37039261
Does this work under 8.4.2? I am having the same issue with AT+T in that the way they assign IP addresses you have to include the pppoe information as well as the static IP address. I am getting an error using the following on an ASA 5505:
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group pppoe_group
 ip address pppoe setroute
 ip address 72.149.X.X 255.255.255.248 pppoe_group

Expert Comment

by:WalkaboutTigger
ID: 37040850
Yes - scroll down through the configuration I posted and ensure your pppoe_group is correctly configured with the credentials supplied by AT&T. If, for some reason, this does not work, open a new question and post the link to it here as a reply.
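
An offline consistency check for the PPPoE client pieces discussed in this thread, added here as an example; it is not part of any poster's reply and not a Cisco tool. It covers the static form `ip address <ip> <mask> pppoe` used in the accepted solution and the `vpdn` group and username lines it depends on; the rule names and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from a real device. It has a mistyped mask, a group
# name where the `pppoe` keyword belongs, and a username that differs from localname.
SAMPLE = """\
interface Vlan2
 nameif outside
 pppoe client vpdn group pppoe_group
 ip address 198.51.100.10 255.255.255.48 pppoe_group
!
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname user@example.net
vpdn group pppoe_group ppp authentication chap
vpdn username usr@example.net password PLACEHOLDER store-local
"""

def valid_mask(mask):
    """True only for a contiguous netmask (ones followed by zeros)."""
    try:
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    except ValueError:
        return False
    return (inverted & (inverted + 1)) == 0

def lint_pppoe(config):
    """Return (rule, value) findings for the PPPoE client parts of an ASA config."""
    findings, referenced, groups, users = [], set(), {}, set()
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["pppoe", "client", "vpdn", "group"] and len(t) == 5:
            referenced.add(t[4])
        elif t[:2] == ["vpdn", "group"] and len(t) >= 4:
            groups.setdefault(t[2], {})[t[3]] = t[-1]
        elif t[:2] == ["vpdn", "username"] and len(t) >= 3:
            users.add(t[2])
        elif t[:2] == ["ip", "address"] and len(t) == 5:
            # Static form used with PPPoE: ip address <ip> <mask> pppoe
            if not valid_mask(t[3]):
                findings.append(("bad-mask", t[3]))
            if t[4] != "pppoe":
                findings.append(("bad-keyword", t[4]))
    for name in sorted(referenced):
        group = groups.get(name)
        if group is None or "request" not in group:
            findings.append(("undefined-group", name))
        elif group.get("localname") not in users:
            findings.append(("no-credentials", name))
    return findings

if __name__ == "__main__":
    for rule, value in lint_pppoe(SAMPLE):
        print(rule, value)
```

Run it against a saved copy of the configuration before pasting changes into the device; an empty result means the interface, the `vpdn group` and the `vpdn username` lines agree with each other, not that the ISP credentials are correct.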