Cisco ASA 5505 configuration for PPPOE/BellSouth

 
 
JASZTECH
08-12-2007
Hello all, I just purchased a Cisco ASA 5505 and I am having trouble
configuring my device to work with my BellSouth DSL connection. I
tried placing the Netopia 3347NWG in what's called bridge mode and
then configuring the 5505 for PPPoE, but authentication continued to
fail.
Now I am going to try PPPoE with a Routed Subnet, using the
instructions from the Netopia link below
(http://www.netopia.com/support/hardware/technotes/CQG_042.html)

I am including my current 5505 conf for your viewing. Any help or
advice would be greatly appreciated.


-JT-


hostname JASZLINK-5505
domain-name jaszlink.net
enable password xxxxx encrypted
names
name 10.1.1.200 DC01 description Doman Controller
name 10.1.1.206 Dev01 description Development Server
name 10.1.1.202 Exchange01 description Exchange Server
name 10.1.1.204 Project01 description Project Server
!
interface Vlan1
description Inside Network Interface
nameif inside/LAN
security-level 100
ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
description Outside Network Interface
nameif outside/WAN
security-level 0
ip address 72.151.92.106 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name jaszlink.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inbound extended permit tcp any host Exchange01 eq smtp
access-list inbound extended permit tcp any host DC01 eq 3389
access-list inbound extended permit tcp any host DC01 eq pptp
access-list inbound extended permit tcp any host Dev01 eq 5904
pager lines 24
logging enable
logging asdm informational
mtu inside/LAN 1500
mtu outside/WAN 1500
ip verify reverse-path interface outside/WAN
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
nat (inside/LAN) 1 10.1.1.0 255.255.255.0
static (inside/LAN,outside/WAN) 72.151.92.107 DC01 netmask 255.255.255.255
static (inside/LAN,outside/WAN) 72.151.92.108 Exchange01 netmask 255.255.255.255
static (inside/LAN,outside/WAN) 72.151.92.110 Dev01 netmask 255.255.255.255
static (inside/LAN,outside/WAN) 72.151.92.109 Project01 netmask 255.255.255.255
access-group inbound in interface outside/WAN
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.1.1.0 255.255.255.0 inside/LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd update dns
!
dhcpd address 10.1.1.x-10.1.1.x inside/LAN
dhcpd dns 10.1.1.1 interface inside/LAN
dhcpd enable inside/LAN
!
dhcpd dns 205.152.37.23 205.152.132.23 interface outside/WAN
!


!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp


prompt hostname context
Cryptochecksumxxxx
: end

 
icschorr@googlemail.com
08-12-2007


Hello,
when you have a routed subnet you must set the default route /for the
internet/. So I can't see your routing information.

 
nakhmanson@gmail.com
08-13-2007

Hi,
here is an example of a PIX 501 (not ASA) config with BellSouth DSL:

PIX Version 6.3(5)125
ip address outside pppoe setroute
vpdn group bellsouth request dialout pppoe
vpdn group bellsouth localname (E-Mail Removed)
vpdn group bellsouth ppp authentication pap
vpdn username (E-Mail Removed) password ********* store-local

You will probably need to adjust the config for ASA a little.

Hope that helped,
Roman Nakhmanson
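
The ASA form of the PIX 6.3 PPPoE client settings above, as an added example that is not part of the original thread. It assumes ASA software 7.2 or later (the thread does not state the version) and an outside interface named outside; the bracketed credentials are placeholders.

```cisco
! Added example: PPPoE client on the ASA 5505 outside VLAN.
! <pppoe-username> and <pppoe-password> are placeholders for the ISP credentials.
! localname selects which "vpdn username" entry supplies the password,
! so the two strings must match.
vpdn group bellsouth request dialout pppoe
vpdn group bellsouth localname <pppoe-username>
vpdn group bellsouth ppp authentication pap
vpdn username <pppoe-username> password <pppoe-password>
!
interface Vlan2
 description Outside Network Interface
 nameif outside
 security-level 0
 ! On ASA the PPPoE client is bound per interface, not with a global
 ! "ip address outside pppoe" command as on PIX 6.3.
 pppoe client vpdn group bellsouth
 ! setroute installs the default route learned from the PPPoE session,
 ! which covers the missing default route raised in the first reply.
 ip address pppoe setroute
 ! With a fixed address from the ISP, the manual form is:
 !   ip address <outside-ip> <mask> pppoe
!
! PPPoE adds 8 bytes of header inside each Ethernet frame.
mtu outside 1492
!
! Checks once the modem is in bridge mode:
!   show vpdn session pppoe state
!   show ip address outside pppoe
!   show route
!   debug pppoe event
```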



 