Has anybody out there dealt with one of these scenarios?!?! ComCast customer wanting to hook up their PIX 501 to their CableModem, and use either DHCP, or a "Static" address on the outside interface; NAT and Dynamic VPN configuration to connect back to HQ PIX also is in this picture.
I spent several hours trying to get the PIX to work, but got intermittent failure in Ping tests, traceroutes from inside workstation, and extremely slow and mostly failed http requests from same said workstation's browser. Called ComCast Tech support, they argued that the client account had to be a "Comcast Pro" account to allow such a scenario (the VPNs from the customer firewall), but did not specify what their definition of Firewall was until quite later... which was Windows XP workstations running its "firewall" capability. This ComCast Pro acct. was supposed to yield 5 "static" addresses, but this was later defined as 5 addresses randomly chosen from a 255.255.252.0-masked 68.60.x.x network and given "extended" lease parameters. Tech support found something wrong with the config of the CableModem, did a "reset of all systems" and still got no joy on the PIX...but the cable-modem jacked directly into the workstation would work. :( Just as a checklist for the obvious question.... Yes, I had already defined Unreachables, Echo-Reply, and Time-Exceeded to be allowed in from the outside. I then even simply changed the rule to allow ICMP Any Any (applied to the outside interface). I tried initially setting the PIX to try obtaining its IP via DHCP, but got nothing.... and the Tech Engineer didn't report "seeing anything coming from the PIX over the CableModem in terms of BootP/DHCP requests." Hard-Coding the IP of what was learned from the DHCP successful assignment to the Workstation when it was connected directly to the CableModem yeilded the spotty results. If anyone has any tips or tricks on how to make this work, either via DHCP or Hard-coding the IP from the ISP, I'd be eternally greatful. The region of the ComCast Network that this is being attempted on is in Rome, Georgia. Thanks, Mark Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42509&t=42509 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]