«

I would like to put my ADSL modem/router into bridging mode and have my PIX
501 accept the single public IP.

Would the ADSL modem or the PIX firewall do the PPPoE authenication?

If the PIX has to do the PPPoE then I would just have to worry about the
vpdn statements and make sure the outside interface of the PIX reflects the
public IP address. Its a static address so I can just manually enter it in.

Am I on the right track and can anyone point me towards an example config?

> Would the ADSL modem or the PIX firewall do the PPPoE authenication?
>

The pix, however.

> If the PIX has to do the PPPoE then I would just have to worry about the
> vpdn statements and make sure the outside interface of the PIX reflects
> the
> public IP address. Its a static address so I can just manually enter it
> in.
>

Correct.
Bye,
Tosh.

It has been my experience that "static IP" from the ADSL provider just
means they assign you the same address everytime you request one, not
necessarily that the request process stops. I had some trouble getting
my 827 to work with my static IP set manually, instead I configured it
to negotiate the IP and it gets the same one from Bellsouth everytime.
It is my understanding that the PIX after a certain level of code (6.3
I want to say) will actually do the PPPoE authentication, if you
decide to do this just be mindful that your setup may work better just
letting the PIX negotiate an IP since your provider will probably give
you the same IP regardless.

Good luck
-Robert

On Thu, 3 Feb 2005 16:41:17 +1100, "goooo" <> wrote:

>I would like to put my ADSL modem/router into bridging mode and have my PIX
>501 accept the single public IP.
>
>Would the ADSL modem or the PIX firewall do the PPPoE authenication?
>
>If the PIX has to do the PPPoE then I would just have to worry about the
>vpdn statements and make sure the outside interface of the PIX reflects the
>public IP address. Its a static address so I can just manually enter it in.
>
>Am I on the right track and can anyone point me towards an example config?
>

I want to do the same sort of thing, I have a Cisco 827 adsl with a PIX
515 behind it. I want the PIX to get the one public ip address. What
would the config for the 827 look like? Also I am not sure that the 827
is currently doing PPPoE, how can I tell.

Here's a portion of the 827's current config:

interface ATM0
no ip address
ip directed-broadcast
ip nat outside
ip virtual-reassembly
atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address 198.x.x.x 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 2
ppp chap hostname xxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxx
!

Thanks,

Robert

I have found a document that seems to say that I am using PPPoA. Would
the PIX have to do this authentication if the cisco 827 is put into
bridge mode? Is the PIX capable of this?

>I have found a document that seems to say that I am using PPPoA. Would
> the PIX have to do this authentication if the cisco 827 is put into
> bridge mode? Is the PIX capable of this?
>

You have to configure your 827 in bridged mode (rfc1483 bdridged) and
configure your pix to take care of the ppp issue (encap + auth), but pppoa
has nothing to do with this.
Afaik bridging has nothing to do with pppoa and pix supports only pppoe.
You have to investigate if your dsl supports both pppoa and pppoe or can be
switched to pppoe.
Bye,
Tosh.