Solved

cisco asa 5505, at&t dsl, static IP block, pppoe doesn't work

Posted on 2012-04-12
7
1,365 Views
Last Modified: 2012-06-27
I've tried 2 different DSL devices:  modem/router in bridge mode, modem-only in bridge mode.

If I set the IP on vlan 2 to DHCP, I get an address and route via pppoe.

As soon as I set the IP to the IP block I was assigned, I am unable to ping/surf.

Some people suggest to set the interface to DHCP/setroute with a pppoe username of <username>@static.sbcglobal.net - tried it, no go.

What makes this strange is that I can put the DSL modem/router back to router mode, and manually assign the IP block to the AT&T device (Netopia 3310), and it works on that device - meaning I can ping the gateway and surf with a PC connected directly to the Netopia.

I *cannot* get the ASA to work with the IP block I've been assigned.

In DHCP mode, the subnet mask on the interface is /32, with a gateway in a different /8 subnet - my IP is 68.x.y.z/32 and the gateway is 65.a.b.c.  I get this information from "show ip" and "show vpdn ppp".

I've also tried setting my ip to an address in the middle of the subnet block and tried the gateway on either end of the block (AT&T likes to use the high end of the block for gateway).

I've also tried a /24 mask with gateway on .1 and .254.  Nothing works.

Yet, as I mentioned, the IP block works if I manually assign it on the modem/router.
0
Comment
Question by:snowdog_2112
  • 5
  • 2
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 37840761
Set DSL modem/router back to router mode, and manually assign the IP block to the ASA vlan2 interface and set default route, should be something like below

Configure the external interface vlan (connected to Internet)
-------------------------------------------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address x.x.x.x x.x.x.x  (use ip and maskyou wher using for 3310)
ASA5505(config-if)# no shut

Assign Ethernet 0/0 to Vlan 2
-------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Configure PAT on the outside interface
-----------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Configure default route towards the ISP
---------------------------------------------------------------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 x.x.x.x1 ( use ip assigned to the dsl modem)



Article Source: http://EzineArticles.com/1681858
0
 

Author Comment

by:snowdog_2112
ID: 37840859
If I put the DSL modem back to router mode, it will have my public IP block on its outside interface and a private IP on the inside - which is the outside of the ASA.

Another way would be to put my static block on the inside of the DSL modem and let the outside get DHCP from AT&T - but then there will be no route for my block pointing to the DHCP address on the outside of the modem.

Can you clarify your config - am I missing something with what you have in the sample?

Thanks.
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 37840992
What is the make and model of the dsl modem?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:snowdog_2112
ID: 37842299
I've tried a Netopia 3310 and a Speedstream 4100.  

Both do the same thing - I can get DHCP with the ASA doing pppoe, but I cannot assign the static block.
0
 

Author Comment

by:snowdog_2112
ID: 37889792
Any thoughts?
0
 

Accepted Solution

by:
snowdog_2112 earned 0 total points
ID: 37933342
solved.  For static ip assignments on at&t, the dsl username needs to be username@static.sbcglobal.net.  In my case, I had made the change, but it must have reverted on a reboot (not saved).

I had overlooked that since I was sure I had made the change.

Working now.
0
 

Author Closing Comment

by:snowdog_2112
ID: 37951053
suggested solutions were not part of the solution.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question