klsphotos

Turning Verizon Fios Router into a Bridge?

Hi Experts,

We currently have a Cisco ASA and a Verizon router that is set up as a bridge.

We have a second Verizon Fios router with our second line, yes we pay for two.  We have an application that uses a lot of bandwidth that they want to dedicate on this line.

As I said we have a second Verizon Fios Router and a second Cisco ASA that I have configured with the same rules as the first but a different IP address.

What I would like to do is bridge this router and I have no idea how to do this in the admin.  It's different than the first and Verizon isn't being very helpful.

Any idea how I can get this router to bridge or has anyone set this up?  The end result will be Verizon is a bridge plugged into internet and Cisco ASA, Cisco ASA is plugged into its own dedicated switch and the only systems plugged into that switch will have their own static IPs with the gateway to the second Cisco ASA.

We originally wanted a second network for this but that right now is beyond my expertise.

thank you,

Karen
Dr. Klahn

In this situation, I'd go out on eBay and buy another one of the first model routers, the one that you do know how to set up.  Then you'll have two identical pieces of hardware and need only stock one spare, rather than two different pieces of hardware for which you'll need to stock two spares.

Verizon might not like you bringing your own equipment to the table, but if it's identical to the one you already have they will have a hard time claiming that it's not supported.
What model router is it?

If you have FiOS and want to have an ASA directly connected to the internet, I'd recommend to take a different approach if possible: Have Verizon provision the Ethernet port on the ONT (assuming there is one installed), so that way you can connect your ASA directly to the Verizon service instead of being forced to utilize coax and their router.
I don't know what kind of model you have but try to go through this tutorial

http://support.actiontec.com/doc_files/Configure_MI424WR_as_a_LAN_MoCA_Bridge.pdf
Or...
If you have a regular router like FIOS for home users you can do it using this tutorial

https://www.verizon.com/support/residential/internet/highspeed/networking/setup/questionsone/123766.htm
Log into the router with a laptop; once the laptop picks up an IP address you will know the router's IP address. Then turn off router mode, or switch from router mode to gateway, or just ask them to bridge it for you.

You pay for it so they will do what you ask
Actually, you could also just ask Verizon for assistance and they'll tell you. However, I would still advise switching to the Ethernet route if feasible. Naturally, you would have to run a cable from the ONT to the ASA.

One other question: Do you only have Verizon for internet service, or do you use them for cable TV as well? (This does matter because if you're not careful, you do end up not being able to use the interactive guide)
ASKER

Thank you everyone, I am finally getting back to this.

The model of the router is Quantum g1100 and it's not looking like this is an easy thing to do, or that I can do it in the admin panel?
ASKER CERTIFIED SOLUTION
masnrock
I followed that and it worked, it's bridged!!!!  Thank you.  Still confused about the cabling though....it's on the same network as the other firewall so it's 192.168.1.2, our main is .1.  I have it plugged into one of our switches to reach it but I have a dedicated switch for this firewall, so how do I plug in the cables into this new switch and also our internal network so the systems being plugged into it can reach both?
As far as things internally go, what exactly are you trying to do? Two separate networks that share the same switch, and only need to use a subset of ports?
We have two separate Verizon lines, 2 separate boxes and two separate ASAs.

For now we have one network, or at least that is what I was trying to do.  I am not able to do the advanced routing to add the separate network as of yet.

We need a group of workstations to be the only ones configured to use this line and this ASA.

They need to go out to the internet through this second line while still being able to connect to the internal resources from behind this ASA.

I do have a dedicated switch to hook up to this ASA for these workstations.
They already have static IPs so I thought I could just change the gateway, since I turned DHCP off.

Here is the other issue:

I did the above and now I can't get back into the admin of the Verizon router.
I chose the wrong IP address when I configured it, now I can't get back in at all.

Any advice or assistance is appreciated.
You can always factory reset the Verizon router you cannot access, and just go through the steps to turn it into a bridge again. Hold in the reset button for 3 seconds.
If you did switch the VZ router to Bridge mode, you have only ONE IP inside the network.
If you want your workstations, connected directly (or through a switch) to this router, to go to the internet, just set on all workstations the GATEWAY that is your External Router Gateway.
If you have DNS in your network and this DNS is connected through a separate router with NAT to the internet, use this DNS; if not, you need to set an external DNS on the NIC connected to the bridged router too. You can use VZ DNS or Google like 8.8.8.8, but if you do this then your computer will not be able to resolve your internal DNS computer names and will have problems with access to the DC if you have one.
So the application that you're talking about wanting to go out on the second connection, is it only loaded on a subset of workstations or is it on a dedicated set of servers?
It's a dedicated group of workstations.

The workstations need to utilize the bandwidth on the second line, they still need to access the internal resources files and active directory.  The only need for this second line is so they can have their own dedicated internet and way out.  

Tom, if I put the Google DNS in they won't be able to access anything from Active Directory.  Everything on the second Cisco ASA has all of our DNS and settings defined almost identical to the first one.  Each ASA has its own IP so I did that, I changed the gateway on a testing system BUT I think because I had the wrong IP on the inside of the second Verizon router, it didn't work so I did just reset the Verizon router and am starting over.

Ideally I would love to get this set up on its own subnet but that requires (I think?) quite a bit of advanced routing that I am not able to do, right now I need to get these workstations off of our Fios line and on their own.  When they all run they eat up a lot of our internet and connectivity.
Just curious, what model are your ASA units and what is the bandwidth eating application?
OK, so my question is:
Why did you ask to reprogram the router to a bridge?
Now you have only one IP and it is external, and you have no firewall between the internet and your network.

You should just put the second router as a gateway for the group of computers you want to give access on a separate connection to.

Now you should change the IP on one of your computers connected to the bridge to the same subnet, and go back to the bridge and reverse the changes.

If you put on the bridge an IP of 192.168.1.2 or something similar, you should temporarily put 192.168.1.10 on one computer, connect back to the bridge and reprogram it back.
Just disable DHCP and leave NAT on the router so you can set the gateway for the computers you want to go through this router to 192.168.1.2 and you should be OK.
In a perfect world, this would've been the setup I would've aimed for (and this is assuming that you do indeed need the two FiOS connections):
1) Have a single firewall (not going to pitch a brand or model as a number of devices can do this) connected to both connections with rules defined for those PCs with the application to use the second connection. (I know you said advanced routing isn't your thing, but there are a number of units that have interfaces that make things tolerable)
2) Depending on the total number of machines and layout of the organization, make use of VLANs.

Now, without using the assumption I put in, I would've ideally gone for ONE connection. But that also depends on what other options are available to you. For example, are you somewhere where Comcast's fiber service is available (granted it would cost considerably more, but you could get higher speeds)?

I also wonder where you're located? (Given who your ISP is, I can at least guess which region of the US) It seems like in many regards you're complicating things more than you have to while trying to keep things in the scope of what you know, and should consider hiring someone to assist, be it a local company or an EE gig.
I just read your other EE posts, and that does address the last portion of my last post.
We are able and have two FIOS lines and boxes, there is no sharing of connection between the two.  Each line has its own static IP addresses.

Our current main Firewall is older and also only has 4 ports.  All the ports are taken with our internal and DMZ.  The plan was to upgrade and move everything over into our current one that could also accommodate the two lines.  The older one can but since we want to replace it, it was easier to work on the second one and get it set up without interrupting production.

We already have the highest speed allowed from Verizon and the applications running on these systems slow down our connectivity so management wants them on their own.  The application is something that was developed in house.  The set up is not ideal but it's profitable.

We are going to hire outside assistance but I need to at least get these systems hooked up and going out on the second line.  The configuration from the original ASA has already been copied to this second firewall - the difference in IPs, etc.

I am currently having issues getting the router to reset so still working on that.
If for some reason it won't reset properly (holding in the reset button for ~3 seconds should be all you have to do), Verizon should be able to assist.
Ok last question if I can.

I have reset the router successfully.
It wasn't connected to the internet until I manually added our static ip addresses to the configuration.
Once I did that I was connected.
I then followed the directions above but gave it the proper internal IP Address.  I was correct before, now I am able to access the console and not be locked out of it since completing this.

Here is what I am not getting.

In following the directions above on this line:

'Obtain IP Address Automatically' to 'No IP Address'

I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet.  I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.

Should I have left those settings and done everything else?  I'm not getting how it connects to the internet being a bridge if I don't.

Thank you and thank you for all your help.

Karen
'Obtain IP Address Automatically' to 'No IP Address'

I removed the manual IP Settings put in by myself and Verizon and it's what we are assigned and how we connect to the internet.  I am connected from a workstation successfully and can ping everything on the internal network and see myself in the Cisco ASA but cannot reach the internet.

That should prevent the Verizon router from getting a public IP address via DHCP. However, is the ASA properly configured with the static information?
Yes, the ASA has the ......

The ASA has our main static IP address...of static.ip.address/24
Can you at least ping outside? Or does that not work either?
Nope only everything inside
I think you should connect the second router/bridge the way the first one is connected

VERIZON--ASA--SWITCH--LAN
VERIZON--ASA-----|

Connect the second ASA to the same switch the first one is connected to.

If the second VERIZON is set as a Bridge then your External IP will be assigned to the ASA WAN port.
If your ASA LAN has the IP 192.168.1.1 (for example), just set this IP as the GATEWAY on all computers you want to reroute to the internet through the second ASA-VERIZON

That's all
I have tried multiple things, I am connected successfully to ASA and internal network and traffic is hitting it, but can't for the life of me figure out why I can't get to the internet.  I'm going to close this since I am successful in creating the bridge.  I can't thank you all enough!