?
Solved

How to configure Cisco ASA for PPPOE and Static Address from AT+T

Posted on 2011-10-27
2
Medium Priority
?
1,768 Views
Last Modified: 2012-05-12
I am trying to configure a Cisco ASA 5505 with static addresses that I got from AT+T.  Problem is that I have to include the pppoe information as well per AT+T.  I found the following on EE but is was for code 7.2.  I am running code 8.4.2

ASA Version 7.2(2)
!
hostname ExampleASA5505
domain-name Example.com
enable password LongComplexPassword
names
dns-guard
!
route outside 0.0.0.0 99.x.x.158
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group Examplegroup
 ip address pppoe setroute
 ip address 99.x.x.157 255.255.255.48 pppoe
 
!
interface Ethernet0/0
 switchport access vlan 2
 speed 10
 duplex full
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd *
boot system disk0:/asa722-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.0.0.11
 name-server 10.0.0.13
 domain-name Example.com
access-list OutsideAllowedIn extended permit icmp any any
access-list Inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 99.x.x.155 255.255.255.248
pager lines 24
logging console errors
logging buffered informational
logging history notifications
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ATTIPS 99.x.x.153-99.x.x.156
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 99.x.x.153
nat (inside) 0 access-list Inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server vpn protocol radius
aaa-server vpn host 10.0.0.12
 key popchart1234
group-policy Exampleremote internal
group-policy Exampleremote attributes
 dns-server value 10.0.0.11 10.0.0.13
 vpn-tunnel-protocol IPSec
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Exampleremote_splitTunnelAcl
 default-domain value Example.com
same-security-traffic permit intra-interface
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 25
console timeout 0
vpdn group Examplegroup request dialout pppoe
vpdn group Examplegroup localname user@att.net
vpdn group Examplegroup ppp authentication chap
vpdn username user@att.net password cisco5505 store-local
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect pptp
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns
!
prompt hostname context

I was not able to get the following command in the ASA
ip address pppoe setroute
 ip address 72.149.X.X 255.255.255.248 pppoe_group
 but was able to get
ip address 72.149.X.X 255.255.255.248 pppoe setroute
to go in.  Does this line in essence combine the two and will it really work?
0
Comment
Question by:brian_appliedcpu
2 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 37043355
It should be something like:  ip address ipaddress mask pppoe
Have a look at: http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/pppoe.html#wp1101394 that for 8.3 but should also work on 8.4
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37065237
Or, to keep it easier, use ASDM to enter the information ... switch the interface to PPPoE and just fill in the form ...
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question