Cisco ASA 5505 configuration for PPPOE/BellSouth

Discussion in 'Cisco' started by JASZTECH, Aug 12, 2007.

  1. JASZTECH

    JASZTECH Guest

    Hello all, I just purchased a Cisco ASA 5505 and I am having trouble
    configuring my device to work with my BellSouth DSL connection. I
    tried placing the Netopia 3347NWG in what's called bridge mode and
    then configured the 5505 for PPPoE, but authentication continued to
    fail.
    Now I am going to try PPPoE with a Routed Subnet, using the
    instructions from the Netopia link below
    (http://www.netopia.com/support/hardware/technotes/CQG_042.html)

    I am including my current 5505 conf for your viewing. Any help or
    advice would be greatly appreciated.


    -JT-


    hostname JASZLINK-5505
    domain-name jaszlink.net
    enable password xxxxx encrypted
    names
    name 10.1.1.200 DC01 description Doman Controller
    name 10.1.1.206 Dev01 description Development Server
    name 10.1.1.202 Exchange01 description Exchange Server
    name 10.1.1.204 Project01 description Project Server
    !
    interface Vlan1
    description Inside Network Interface
    nameif inside/LAN
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    !
    interface Vlan2
    description Outside Network Interface
    nameif outside/WAN
    security-level 0
    ip address 72.151.92.106 255.255.255.248
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns server-group DefaultDNS
    domain-name jaszlink.net
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list inbound extended permit tcp any host Exchange01 eq smtp
    access-list inbound extended permit tcp any host DC01 eq 3389
    access-list inbound extended permit tcp any host DC01 eq pptp
    access-list inbound extended permit tcp any host Dev01 eq 5904
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside/LAN 1500
    mtu outside/WAN 1500
    ip verify reverse-path interface outside/WAN
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    nat (inside/LAN) 1 10.1.1.0 255.255.255.0
    static (inside/LAN,outside/WAN) 72.151.92.107 DC01 netmask 255.255.255.255
    static (inside/LAN,outside/WAN) 72.151.92.108 Exchange01 netmask 255.255.255.255
    static (inside/LAN,outside/WAN) 72.151.92.110 Dev01 netmask 255.255.255.255
    static (inside/LAN,outside/WAN) 72.151.92.109 Project01 netmask 255.255.255.255
    access-group inbound in interface outside/WAN
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 10.1.1.0 255.255.255.0 inside/LAN
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd update dns
    !
    dhcpd address 10.1.1.x-10.1.1.x inside/LAN
    dhcpd dns 10.1.1.1 interface inside/LAN
    dhcpd enable inside/LAN
    !
    dhcpd dns 205.152.37.23 205.152.132.23 interface outside/WAN
    !


    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp


    prompt hostname context
    Cryptochecksum:xxxxx
    : end
     
    JASZTECH, Aug 12, 2007
    #1

  2. JASZTECH

    Guest

    Hello,
    when you have a routed subnet you must set the default route /for the
    internet/. So I can't see your routing information.
     
    , Aug 12, 2007
    #2

  3. JASZTECH

    Guest

    Hi
    here is the example of the pix501 (not asa) config with BellSouth DSL

    PIX Version 6.3(5)125
    ip address outside pppoe setroute
    vpdn group bellsouth request dialout pppoe
    vpdn group bellsouth localname
    vpdn group bellsouth ppp authentication pap
    vpdn username password ********* store-local

    you probably need to adjust the config for ASA a little

    hope that helped
    Roman Nakhmanson
     
    , Aug 13, 2007
    #3
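
The two approaches raised in this thread, written out in ASA 7.2-style syntax as an added example that is not part of any post above. The group name `bellsouth`, the interface name `outside/WAN` and the address 72.151.92.106/29 are taken from the posts; `<pppoe-username>`, `<pppoe-password>` and `<gateway-ip>` are placeholders for values the thread does not give.

```cisco
! Added example, not from the thread. Values in <angle brackets> are
! placeholders (assumptions) to be replaced with the ISP-supplied ones.
!
! Option A: Netopia in bridge mode, the ASA terminates PPPoE itself.
! The vpdn group lines carry over from the PIX 6.3 example; on the ASA the
! group is bound and the address requested under the interface instead of
! with the global "ip address outside pppoe setroute".
vpdn group bellsouth request dialout pppoe
! localname and the vpdn username entry must be the same string.
vpdn group bellsouth localname <pppoe-username>
! pap is what the PIX example uses; the command also accepts chap and mschap.
vpdn group bellsouth ppp authentication pap
vpdn username <pppoe-username> password <pppoe-password>
!
interface Vlan2
 description Outside Network Interface
 nameif outside/WAN
 security-level 0
 pppoe client vpdn group bellsouth
 ip address pppoe setroute
!
! PPPoE adds 8 bytes of overhead, so the posted "mtu outside/WAN 1500"
! is lowered to match.
mtu outside/WAN 1492
!
! Option B: the Netopia stays the PPPoE client and routes the /29 to the ASA.
! The static address from the original post stays on Vlan2, and the default
! route asked about in reply #2 points at the Netopia's address in that subnet.
interface Vlan2
 description Outside Network Interface
 nameif outside/WAN
 security-level 0
 ip address 72.151.92.106 255.255.255.248
!
route outside/WAN 0.0.0.0 0.0.0.0 <gateway-ip> 1
!
! Checks after either change (privileged EXEC):
!   show vpdn session pppoe state      Option A: PPPoE session state
!   show ip address outside/WAN pppoe  Option A: negotiated address
!   show route                         both: a 0.0.0.0 0.0.0.0 entry must exist
```

Only one of the two options is applied at a time, since both configure the same `Vlan2` interface.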