klsphotos
asked on
Turning Verizon Fios Router into a Bridge?
Hi Experts,
We currently have a Cisco ASA and a Verizon router that is set up as a bridge.
We have a second Verizon Fios router with our second line, yes we pay for two. We have an application that uses a lot of bandwidth that they want to dedicate on this line.
As I said we have a second Verizon Fios Router and a second Cisco ASA that I have configured with the same rules as the first but different IP address.
What I would like to do is bridge this router and I have no idea how to do this in the admin. It's different than the first and Verizon isn't being very helpful.
Any idea how I can get this router to bridge or has anyone set this up? The end result will be Verizon is a bridge plugged into internet and Cisco ASA, Cisco ASA is plugged into its own dedicated switch and the only systems plugged into that switch will have their own static IPs with the gateway to the second Cisco ASA.
We originally wanted a second network for this but that right now is beyond my expertise.
thank you,
Karen
What model router is it?
If you have FiOS and want to have an ASA directly connected to the internet, I'd recommend taking a different approach if possible: Have Verizon provision the Ethernet port on the ONT (assuming there is one installed), so that way you can connect your ASA directly to the Verizon service instead of being forced to utilize coax and their router.
I don't know what kind of model you have but try to go through this tutorial
http://support.actiontec.com/doc_files/Configure_MI424WR_as_a_LAN_MoCA_Bridge.pdf
Or...
If you have regular router like FIOS for home user you can do it using this tutorial
https://www.verizon.com/support/residential/internet/highspeed/networking/setup/questionsone/123766.htm
Log into the router with a laptop, once the laptop picks up the IP address you will know its IP address and turn off router mode or switch from router mode to gateway or just ask them to bridge it for you.
You pay for it so they will do what you ask
Actually, you could also just ask Verizon for assistance and they'll tell you. However, I would still advise switching to the Ethernet route if feasible. Naturally, you would have to run a cable from the ONT to the ASA.
One other question: Do you only have Verizon for internet service, or do you use them for cable TV as well? (This does matter because if you're not careful, you do end up not being able to use the interactive guide)
ASKER
Thank you everyone, I am finally getting back to this.
The model of the router is Quantum g1100 and it's not looking like this is an easy thing to do, or that I can do it in the admin panel?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
I followed that and it worked, it's bridged!!!! Thank you. Still confused about the cabling though....it's on the same network as the other firewall so it's 192.168.1.2, our main is .1. I have it plugged into one of our switches to reach it but I have a dedicated switch for this firewall, so how do I plug in the cables into this new switch and also our internal network so the systems being plugged into it can reach both?
As far as things internally go, what exactly are you trying to do? Two separate networks that share the same switch, and only need to use a subset of ports?
ASKER
We have two separate Verizon lines, 2 separate boxes and two separate ASAs.
For now we have one network, or at least that is what I was trying to do. I am not able to do the advanced routing to add the separate network as of yet.
We need a group of workstations to be the only ones configured to use this line and this ASA.
They need to go out to the internet through this second line while still being able to connect to the internal resources from behind this ASA.
I do have a dedicated switch to hook up to this ASA for these workstations.
They already have static IPs so I thought I could just change the gateway, since I turned DHCP off.
Here is the other issue:
I did the above and now I can't get back into the admin of the Verizon router.
I chose the wrong IP address when I configured it, now I can't get back in at all.
Any advice or assistance is appreciated.
You can always factory reset the Verizon router you cannot access, and just go through the steps to turn it into a bridge again. Hold in the reset button for 3 seconds.
If you did switch the VZ router to Bridge mode, you have only ONE IP inside the network.
If you want your workstations, connected directly (or through a switch) to this router, to go to the internet, just set on all workstations the GATEWAY that is your External Router Gateway.
If you have DNS in your network and this DNS is connected through a separate router with NAT to the internet, use this DNS; if not, you need to set external DNS on the NIC connected to the bridged router too. You can use VZ DNS or Google like 8.8.8.8, but if you do this then your computer will not be able to resolve your internal DNS computer names and will have problems with access to the DC if you have one.
So the application that you're talking about wanting to go out on the second connection, is it only loaded on a subset of workstations or is it on a dedicated set of servers?
ASKER
It's a dedicated group of workstations.
The workstations need to utilize the bandwidth on the second line, they still need to access the internal resources, files and Active Directory. The only need for this second line is so they can have their own dedicated internet and way out.
Tom, if I put the Google DNS in they won't be able to access anything from Active Directory. Everything on the second Cisco ASA has all of our DNS and settings defined almost identical to the first one. Each ASA has its own IP so I did that, I changed the gateway on a testing system BUT I think because I had the wrong IP on the inside of the second Verizon router, it didn't work so I did just reset the Verizon router and am starting over.
Ideally I would love to get this set up on its own subnet but that requires (I think?) quite a bit of advanced routing that I am not able to do, right now I need to get these workstations off of our Fios line and on their own. When they all run they eat up a lot of our internet and connectivity.
Just curious, what model are your ASA units and what is the bandwidth eating application?
OK, so my question is.
Why did you ask to reprogram the router to a bridge?
Now you have only one IP and it is external, and you have no firewall between the internet and your network.
You should just put the second router as a gateway for the group of computers you want to give access on a separate connection.
Now you should change the IP on one of your computers connected to the bridge to the same subnet and go back to the bridge and reverse the changes.
If you put IP 192.168.1.2 or something similar on the bridge, you should temporarily put 192.168.1.10 on one computer, connect back to the bridge and reprogram it back.
Just disable DHCP and leave NAT on the router so you can set the gateway for the computers you want to go through this router to 192.168.1.2 and you should be OK.
In a perfect world, this would've been the setup I would've aimed for (and this is assuming that you do indeed need the two FiOS connections):
1) Have a single firewall (not going to pitch a brand or model as a number of devices can do this) connected to both connections with rules defined for those PCs with the application to use the second connection. (I know you said advanced routing isn't your thing, but there are a number of units that have interfaces that make things tolerable)
2) Depending on the total number of machines and layout of the organization, make use of VLANs.
Now, without using the assumption I put in, I would've ideally gone for ONE connection. But that also depends on what other options are available to you. For example, are you somewhere where Comcast's fiber service is available (granted it would cost considerably more, but you could get higher speeds)?
I also wonder where you're located? (Given who your ISP is, I can at least guess which region of the US) It seems like in many regards you're complicating things more than you have to while trying to keep things in the scope of what you know, and should consider hiring someone to assist, be it a local company or an EE gig.
I just read your other EE posts, and that does address the last portion of my last post.
ASKER
We are able and have two FIOS lines and boxes, there is no sharing of connection between the two. Each line has their own static IP Addresses.
Our current main Firewall is older and also only has 4 ports. All the ports are taken with our internal and DMZ. The plan was to upgrade and move everything over into our current one that could also accommodate the two lines. The older one can but since we want to replace it, it was easier to work on the second one and get it set up without interrupting production.
We already have the highest speed allowed from Verizon and the applications running on these systems slow down our connectivity so management wants them on their own. The application is something that was developed in house. The set up is not ideal but it's profitable.
We are going to hire outside assistance but I need to at least get these systems hooked up and going out on the second line. The configuration from the original ASA has already been copied to this second firewall - the difference in IPs, etc.
I am currently having issues getting the router to reset so still working on that.
If for some reason it won't reset properly (holding in the reset button for ~3 seconds should be all you have to do), Verizon should be able to assist.
ASKER
Ok last question if I can.
I have reset the router successfully.
It wasn't connected to the internet until I manually added our static IP addresses to the configuration.
Once I did that I was connected.
I then followed the directions above but gave it the proper internal IP Address. I was correct before, now I am able to access the console and not be locked out of it since completing this.
Here is what I am not getting.
In following the directions above on this line:
'Obtain IP Address Automatically' to 'No IP Address'
I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet. I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.
Should I have left those settings and done everything else? I'm not getting how it connects to the internet being a bridge if I don't.
Thank you and thank you for all your help.
Karen
'Obtain IP Address Automatically' to 'No IP Address'
I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet. I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.
That should prevent the Verizon router from getting a public IP address via DHCP. However, is the ASA properly configured with the static information?
ASKER
Yes, the ASA has the ......
The ASA has our main static IP address...of static.ip.address/24
Can you at least ping outside? Or does that not work either?
ASKER
Nope only everything inside
I think you should connect the second router/bridge the way the first one is connected
VERIZON--ASA--SWITCH--LAN
VERIZON--ASA-----|
Connect the second ASA to the same switch the first one is connected to.
If the second VERIZON is set as a bridge, then your external IP will be assigned to the ASA WAN port.
If your ASA LAN will have 192.168.1.1 IP (for example), just set this IP as GATEWAY on all computers you want to reroute to the internet through the second ASA-VERIZON
That's all
ASKER
I have tried multiple things, I am connected successfully to ASA and internal network and traffic is hitting it, but can't for the life of me figure out why I can't get to the internet. I'm going to close this since I am successful in creating the bridge. I can't thank you all enough!
Verizon might not like you bringing your own equipment to the table, but if it's identical to the one you already have they will have a hard time claiming that it's not supported.