Yes, I still have to use the PPPoE password and username. I don't like it, but does that make it more secure? What does it use for security if you don't use PPPOE?
Someone is coming in today from corporate, talking about us connecting to their VPN connection. I have no idea what system they are talking about (checkpoint, microsoft?), but it should be interesting over ADSL as well. I know ADSL does not stay up all the time. Maybe I need some keepalives to make this work. I never tried VPN over ADSL. Yea, I actually have 2 ADSL lines, both get dynamic IPs. I use dynu.com to map my IP to may domain name. works well so far. One line is right into a cheapy router, which, on the router I give it the PPPOE name and pass. I use port forwarding on the router, plus a firewall. On the other ADSL line, I have the Pix hooked up. It is not working yet cause its only 6.1(2). I am also getting another Pix 515 at another site which ill have access too. Maybe do some VPN-VPN stuff. I would think 6.2 just ads the VPDN command. I know the 515 is not considered a SOHO, but maybe that's why its not listed. I am going to try it, and find out. When I first started playing with the pix, it had the VPDN command on 6.1(2), but it only had PPTP and some other stuff, but not PPPoE. A couple of questions I wanted to throw at you. If I have 1 IP, say I use PPPOE on the outside interface, and that is my only IP. Say its 172.168.x.x. Then I use on my DMZ card 10.10.1.1, is the Pix doing nat at that point to the DMZ? Or maybe just forwarding? Is the best case scenereo for speed to use the same subnet as your router on the DMZ? Does the pix use Nat from the outside to inside? If I use a router, I would have to do Nat there, then across the pix, nat again, and on my load blancers Nat again. (this might slow stuff down) and I mean if it wasn't on the DMZ. I was also looking up the difference between having a 4 port DMZ card, vs a 1 port. I guess the benefits would be. 4-port, faster, you can make 4 subnets. You can lock down each interface, like only allow HTTP. Better security. Am I missing any? I was also reading how Nat not configured right on a firewall can change the Hash algorithms. I think eventually I will switch to a T1. We bought some load balancers, and I was surprised that they did NAT too. Coyotote Point (really FreeBSD). I think other "web switches" don't use nat, so now I am wondering if it was better to get a web switch, then this FREEBSD device that does nat. (mind you it was assigned to me, I didn't pick this platform). I went to school for Alteon Web switches a few years ago, they seemed really good. I don't know who is the best now. I am getting up to speed on all this stuff. I am doing the basic pix firewall course now, and reading the book. I also got the brand new Advanced Pix firewall course the 2nd version, just released. Brian Zeitz MCSE, CCNP -----Original Message----- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 4:59 PM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] Brian... I'd be interested to hear what your results are... as the documentation for 6.2 says that it only supports PPPoE/DHCP connections on the 501 and 506 models of PIX. If you get it to work on the 515, that would be good to know. Since you changed GSPs, does that mean that you don't have to worry about PPPoE, and you just simply get a Dynamic IP straight off the wire?? Only reason I ask is, I have SWB DSL, and it's the "Enhanced" service, which simply means I get 5 static IPs assigned to me. The technical difference for my CPE connecting to them, whether it be a Cisco Router or the PIX, is that I don't have to configure the User ID/Password Authentication stuff anymore.... which was something I had to do with the Basic Service, and it was dependent upon PPPoE. Anyway... let us know how you do! Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian Zeitz Sent: Monday, May 06, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] I am going to try to hook up a Pix to an ADSL line with a dynamic IP, this should be interesting. In the past I have tried Microsoft ISA SERver 2000 Enterprise with ADSL, it had a lot of trouble binding the packet filters cause the IP was dynamic. The fix, install a Netgear router before the firewall. Also for PPPoE testing purposes, Windows XP has the PPPoE stuff built in it. All you need is a XP machine, and a DSL Modem. Use BroadBand connection when creating an internet connection. Good when the service provider INSISTs that you have 1 PC hooked up to the DSL modem. Even though you own a business account. This is the biggest scam in the book, but I don't pay the bill ;) Now, I am going to try a Pix 515U, with an ADSL dynamic IP. I am not sure what the results will be. I could buy another cheapy router, but just to learn it, and see what results I get, im going to hook it up to the DSL line. This is just for development. Eventually I will get real cisco routers. Also I had verizon change my ADSL Global Service provider. I was having some routing problems within verizons network. Now I have Qwest, and everything is cool. So ill try the pix with the new GSP. If anyone wants to contact me about ADSL or pIx 515 stuff, feel free. -----Original Message----- From: Mark Odette II [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 04, 2002 3:20 PM To: [EMAIL PROTECTED] Subject: RE: Configuring Pix with EnterNet DSL [7:43302] Ronnie- I assume you are referring to the fact that your DSL is PPPoE DSL (You have to install the EnterNet DSL software on your computer if you want to access the DSL Gateway and connect to the internet (which also means you use a User Name/Password combination to connect) ....correct!?! If so, what model PIX do you have? The 501/506 models support PPPoE under 6.2.1. The following link should get you started.... http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/ pixc lnt.htm Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ronnie Higginbotham Sent: Saturday, May 04, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Configuring Pix with EnterNet DSL [7:43302] I am new to the Pix setup has anybody configured a PIX with EnterNet DSL setup. Any config help would be appreciated. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43496&t=43302 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
