Solved

cisco asa 5505, at&t dsl, static IP block, pppoe doesn't work

Posted on 2012-04-12
7
1,384 Views
Last Modified: 2012-06-27
I've tried 2 different DSL devices:  modem/router in bridge mode, modem-only in bridge mode.

If I set the IP on vlan 2 to DHCP, I get an address and route via pppoe.

As soon as I set the IP to the IP block I was assigned, I am unable to ping/surf.

Some people suggest to set the interface to DHCP/setroute with a pppoe username of <username>@static.sbcglobal.net - tried it, no go.

What makes this strange is that I can put the DSL modem/router back to router mode, and manually assign the IP block to the AT&T device (Netopia 3310), and it works on that device - meaning I can ping the gateway and surf with a PC connected directly to the Netopia.

I *cannot* get the ASA to work with the IP block I've been assigned.

In DHCP mode, the subnet mask on the interface is /32, with a gateway in a different /8 subnet - my IP is 68.x.y.z/32 and the gateway is 65.a.b.c.  I get this information from "show ip" and "show vpdn ppp".

I've also tried setting my ip to an address in the middle of the subnet block and tried the gateway on either end of the block (AT&T likes to use the high end of the block for gateway).

I've also tried a /24 mask with gateway on .1 and .254.  Nothing works.

Yet, as I mentioned, the IP block works if I manually assign it on the modem/router.
0
Comment
Question by:snowdog_2112
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 17

Expert Comment

by:lruiz52
ID: 37840761
Set DSL modem/router back to router mode, and manually assign the IP block to the ASA vlan2 interface and set default route, should be something like below

Configure the external interface vlan (connected to Internet)
-------------------------------------------------------------------------------------
ASA5505(config)# interface Vlan 2
ASA5505(config-if)# nameif outside
ASA5505(config-if)# security-level 0
ASA5505(config-if)# ip address x.x.x.x x.x.x.x  (use ip and maskyou wher using for 3310)
ASA5505(config-if)# no shut

Assign Ethernet 0/0 to Vlan 2
-------------------------------------------------
ASA5505(config)# interface Ethernet0/0
ASA5505(config-if)# switchport access vlan 2
ASA5505(config-if)# no shut

Configure PAT on the outside interface
-----------------------------------------------------
ASA5505(config)# global (outside) 1 interface
ASA5505(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Configure default route towards the ISP
---------------------------------------------------------------------------------------------------------
ASA5505(config)# route outside 0.0.0.0 0.0.0.0 x.x.x.x1 ( use ip assigned to the dsl modem)



Article Source: http://EzineArticles.com/1681858
0
 

Author Comment

by:snowdog_2112
ID: 37840859
If I put the DSL modem back to router mode, it will have my public IP block on its outside interface and a private IP on the inside - which is the outside of the ASA.

Another way would be to put my static block on the inside of the DSL modem and let the outside get DHCP from AT&T - but then there will be no route for my block pointing to the DHCP address on the outside of the modem.

Can you clarify your config - am I missing something with what you have in the sample?

Thanks.
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 37840992
What is the make and model of the dsl modem?
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:snowdog_2112
ID: 37842299
I've tried a Netopia 3310 and a Speedstream 4100.  

Both do the same thing - I can get DHCP with the ASA doing pppoe, but I cannot assign the static block.
0
 

Author Comment

by:snowdog_2112
ID: 37889792
Any thoughts?
0
 

Accepted Solution

by:
snowdog_2112 earned 0 total points
ID: 37933342
solved.  For static ip assignments on at&t, the dsl username needs to be username@static.sbcglobal.net.  In my case, I had made the change, but it must have reverted on a reboot (not saved).

I had overlooked that since I was sure I had made the change.

Working now.
0
 

Author Closing Comment

by:snowdog_2112
ID: 37951053
suggested solutions were not part of the solution.
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question