Configuring an ASA 5505 with an ATT DSL account.

I have a client who has moved offices and has a dsl account with ATT.  ATT gave us 5 static IP's which are 99.*.*.73 thru 99.*.*77 and the gateway they gave me is 99.*.*.78.  The trouble I'm having is that when I program the ASA to use one of the static IP's and the gateway I can't access the internet.  When I program the ASA to automatically aquire the ip then my IP becomes the gateway and websites report my Ip as being the gateway.  I've never seen this before.  I can even RD in from the outside by going to the gateway address, which the att tech tonight said I shouldn't be able to do.  How is this possible?  Should I just let the asa aquire the ip and route automatically and then make access lists for the static ip's?  What if I had an Exchange server behind the router and it had to to have one of the static ip's?  If the email was coming from a different ip than what the mrecords were showing then wouldn't I have problems?  
Any help someone could be would be much appreciated.  I have had nothing but troubles the last two weeks with ATT and feel like they haven't given me correct information even though I have called and verified our addresses with them.

Thanks in advance,

vne
VNEAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
If ATT constanly lease you the same address them your OK however it the DHCP address allocated ot the ASA changes then VPN tunnels will breal RDP sessions will stop and mail will stop flowing.
on the ASA issue a sho ip command - then take note of the IP address you get - ask ATT to reserve that IP for the ASA, Ive deployed a lot of corporate firewalls that way and have not had any problems :)
0
VNEAuthor Commented:
When I do a show ip, it gives me the gateway that ATT gave me.  This is when I have the asa setup to get it's address through dhcp.  When I configure the asa to use one of the static ip's and set the route using the gateway they gave me then I can't connect to the internet.  I've done something stupid with the config, so I think I may just blank the asa and start over.  Kind of frustrating though, all we did was transfer service locations with ATT and things haven't been right since.  

I guess what really has me confused is the gateway that they gave me.  During trouble shooting I called support and they spcifically said that I cannot connect to my network from the internet using the gateway address.  Well, thats the only address I CAN connect using.  I understand what they are saying, and they are correct from what I have done with accounts in the past, but what's going on?  
With other customers I have now, the gateway is just for my use when programming my routers and it is something that nobody ever see's.    See my confusion?

vne
0
VNEAuthor Commented:
Just an addition,

If I configure the asa to get it's address using dhcp from ATT and then goto www.whatismyip.com it shows my address as being the gateway.  I have never had an account behave this way.  It should show one of the static ip's they assigned me, right???

0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Pete LongTechnical ConsultantCommented:
>>one of the static ip's they assigned me, right???
Yes - unless the route is in transparent mode
as a test add
http 0.0.0.0 0.0.0.0 outside
http server enable
 
then go home an open
https://the_ip_address
if the ASDM console comes up then your router is in transparent mode (its acting as a modem)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VNEAuthor Commented:
I just blanked the router and started over.  Do you mind taking a look at my config to see if you notice anything wrong.  Right now after re-configuring it, I am still unable to get on the internet.




hostname **************
domain-name phm
enable password ybkPG8eo3291itv6 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group attppoe
 ip address 99.**.**.73 255.255.255.248 pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
 shutdown
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name phm
pager lines 24
mtu inside 1492
mtu outside 1492
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.3.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
vpdn group attppoe request dialout pppoe
vpdn group attppoe localname username@att.net
vpdn group attppoe ppp authentication pap
vpdn username username@att.net password *********
dhcpd address 192.168.3.50-192.168.3.100 inside
dhcpd dns 68.94.156.1 68.94.157.1 interface inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1af6607e691466a1b2578b2cd0a28be4
: end

Open in new window

0
Pete LongTechnical ConsultantCommented:
ThanQ
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Broadband

From novice to tech pro — start learning today.