I have exact same setup at home (Comast to PIX 501) and I haven't had any problems. I have a plain vanilla residential cable modem connection, nothing special, and my PIX picks up the IP through DHCP with no problems at all, and I get pretty good performance out of this connection. I have several servers (e-mail, web, terminal services,etc.) in my inside network with the PIX doing port redirection. I really didn't do anything special to get it to work with the Comcast cable modem. I just put in the following statement:
ip address outside dhcp ""Mark Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Has anybody out there dealt with one of these scenarios?!?! > > ComCast customer wanting to hook up their PIX 501 to their CableModem, and > use either DHCP, or a "Static" address on the outside interface; NAT and > Dynamic VPN configuration to connect back to HQ PIX also is in this picture. > > I spent several hours trying to get the PIX to work, but got intermittent > failure in Ping tests, traceroutes from inside workstation, and extremely > slow and mostly failed http requests from same said workstation's browser. > Called ComCast Tech support, they argued that the client account had to be a > "Comcast Pro" account to allow such a scenario (the VPNs from the customer > firewall), but did not specify what their definition of Firewall was until > quite later... which was Windows XP workstations running its "firewall" > capability. This ComCast Pro acct. was supposed to yield 5 "static" > addresses, but this was later defined as 5 addresses randomly chosen from a > 255.255.252.0-masked 68.60.x.x network and given "extended" lease > parameters. > > Tech support found something wrong with the config of the CableModem, did a > "reset of all systems" and still got no joy on the PIX...but the cable-modem > jacked directly into the workstation would work. :( > > Just as a checklist for the obvious question.... Yes, I had already defined > Unreachables, Echo-Reply, and Time-Exceeded to be allowed in from the > outside. I then even simply changed the rule to allow ICMP Any Any (applied > to the outside interface). > > I tried initially setting the PIX to try obtaining its IP via DHCP, but got > nothing.... and the Tech Engineer didn't report "seeing anything coming from > the PIX over the CableModem in terms of BootP/DHCP requests." > > Hard-Coding the IP of what was learned from the DHCP successful assignment > to the Workstation when it was connected directly to the CableModem yeilded > the spotty results. > > If anyone has any tips or tricks on how to make this work, either via DHCP > or Hard-coding the IP from the ISP, I'd be eternally greatful. The region > of the ComCast Network that this is being attempted on is in Rome, Georgia. > > Thanks, > Mark Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42571&t=42509 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
