cisco asa 5505, at&t dsl, static IP block, pppoe doesn't work

Posted on 2012-04-12
Medium Priority
Last Modified: 2012-06-27
I've tried 2 different DSL devices:  modem/router in bridge mode, modem-only in bridge mode.

If I set the IP on vlan 2 to DHCP, I get an address and route via pppoe.

As soon as I set the IP to the IP block I was assigned, I am unable to ping/surf.

Some people suggest to set the interface to DHCP/setroute with a pppoe username of <username>@static.sbcglobal.net - tried it, no go.

What makes this strange is that I can put the DSL modem/router back to router mode, and manually assign the IP block to the AT&T device (Netopia 3310), and it works on that device - meaning I can ping the gateway and surf with a PC connected directly to the Netopia.

I *cannot* get the ASA to work with the IP block I've been assigned.

In DHCP mode, the subnet mask on the interface is /32, with a gateway in a different /8 subnet - my IP is 68.x.y.z/32 and the gateway is 65.a.b.c.  I get this information from "show ip" and "show vpdn ppp".

I've also tried setting my ip to an address in the middle of the subnet block and tried the gateway on either end of the block (AT&T likes to use the high end of the block for gateway).

I've also tried a /24 mask with gateway on .1 and .254.  Nothing works.

Yet, as I mentioned, the IP block works if I manually assign it on the modem/router.
Question by:snowdog_2112
  • 5
  • 2
LVL 17

Expert Comment

ID: 37840761
Set DSL modem/router back to router mode, and manually assign the IP block to the ASA vlan2 interface and set default route, should be something like below

Configure the external interface vlan (connected to Internet)
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address x.x.x.x x.x.x.x  (use ip and maskyou wher using for 3310)
ASA5505(config-if)# no shut

Assign Ethernet 0/0 to Vlan 2
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Configure PAT on the outside interface
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1

Configure default route towards the ISP
ASA5505(config)# route outside x.x.x.x1 ( use ip assigned to the dsl modem)

Article Source: http://EzineArticles.com/1681858

Author Comment

ID: 37840859
If I put the DSL modem back to router mode, it will have my public IP block on its outside interface and a private IP on the inside - which is the outside of the ASA.

Another way would be to put my static block on the inside of the DSL modem and let the outside get DHCP from AT&T - but then there will be no route for my block pointing to the DHCP address on the outside of the modem.

Can you clarify your config - am I missing something with what you have in the sample?

LVL 17

Expert Comment

ID: 37840992
What is the make and model of the dsl modem?
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  


Author Comment

ID: 37842299
I've tried a Netopia 3310 and a Speedstream 4100.  

Both do the same thing - I can get DHCP with the ASA doing pppoe, but I cannot assign the static block.

Author Comment

ID: 37889792
Any thoughts?

Accepted Solution

snowdog_2112 earned 0 total points
ID: 37933342
solved.  For static ip assignments on at&t, the dsl username needs to be username@static.sbcglobal.net.  In my case, I had made the change, but it must have reverted on a reboot (not saved).

I had overlooked that since I was sure I had made the change.

Working now.

Author Closing Comment

ID: 37951053
suggested solutions were not part of the solution.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question