FIOS Router Passthrough
BroadcastStorm
Member Posts: 496
in CCNP
Hi guys,
I am trying to set up my PIX firewall Cisco 501; it's currently connected to my home router/modem Westell-A90-9100EM15-10. The scenario I am playing in my head is the following.
Model Name: A90-9100EM15-10
1. Set up the router/modem as a bridge connecting to my PIX Firewall that will act as a primary router.
2. Allow all port passthrough for VPN connectivity/NAT/PAT/ACL, etc.
Has anyone done this at their home lab? Is this possible?
Thanks!
Comments
Forsaken_GA Member Posts: 4,024
BroadcastStorm wrote: »
Hi guys,
I am trying to set up my PIX firewall Cisco 501; it's currently connected to my home router/modem Westell-A90-9100EM15-10. The scenario I am playing in my head is the following.
Model Name: A90-9100EM15-10
1. Set up the router/modem as a bridge connecting to my PIX Firewall that will act as a primary router.
2. Allow all port passthrough for VPN connectivity/NAT/PAT/ACL, etc.
Has anyone done this at their home lab? Is this possible?
Thanks!
I've done it before, not with that particular model of modem though. If the modem supports pass through, you should just be able to hook it up to the PIX, and configure the PIX's interface through whatever means your ISP provisions its IPs (usually DHCP). At that point the cable modem is bridging the network to your gear, and as far as the outside world is concerned, your gear is the endpoint.
BroadcastStorm Member Posts: 496
The Westell Router is COAX, or they call it MOCA. I read something on Verizon's website that I can request them to terminate an ethernet hand-off to the ONT (probably the FIOS box) instead of a coaxial cable, although this practice is for pure internet access only. Since I have FIOS Cable TV, I am still allowed to reverse things and make the Westell another router connected to the PIX Firewall (main router).
I will phone Verizon tomorrow and ask them to give me an ethernet hand-off.
jamesp1983 Member Posts: 2,475
Make your actiontec a bridge with VOD working with REV D - Verizon Fiber Optics | DSLReports Forums
http://www22.verizon.com/residentialhelp/highspeed/networking/setup/questionsone/123765.htm
Similar... the second link talks about the Westell 6100.
I work for a company that works with a lot of small to medium sized businesses. You can configure the modem with a DMZ host set to your PIX ext interface. You can make a transit network between the modem and PIX (i.e., 10.1.10.1 = internal int of Westell modem, ext int of PIX is 10.1.10.2). Turn off the connection firewall on the ext int of the modem. Make sure you disable DHCP on the modem. You can have the PIX take over that role. Set the 0.0.0.0 0.0.0.0 route to the internal int of the Westell modem. This should work. You may have to power cycle the Westell modem.
I have seen situations where setting the Westell modem to bridge mode causes the STBs to stop functioning properly. (Channel listing fails.) That's why we do this DMZ method.
"Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
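The DMZ-host transit setup described in the post above, sketched as PIX 6.x configuration for the 501. This is an added example, not part of the thread: 10.1.10.1 and 10.1.10.2 are the addresses from the post, while the /24 masks, the inside network 192.168.1.0/24 and the DHCP pool range are assumptions.

```cisco
: Added example for PIX 6.x on a PIX 501. Assumed values: /24 masks,
: inside network 192.168.1.0/24, DHCP pool range.
: 10.1.10.1 (Westell LAN side) and 10.1.10.2 (PIX outside) are from the post.

: Outside interface: static address on the transit network behind the Westell
ip address outside 10.1.10.2 255.255.255.0

: Inside interface: the lab LAN (assumed addressing)
ip address inside 192.168.1.1 255.255.255.0

: Default route points at the Westell's internal interface
route outside 0.0.0.0 0.0.0.0 10.1.10.1 1

: PAT all inside hosts to the PIX outside address
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: The PIX takes over DHCP for the LAN (DHCP is disabled on the Westell)
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside

: Checks after power cycling the Westell
show ip address
show route
show xlate
```

With the Westell's DMZ host pointed at 10.1.10.2 and its own firewall turned off, every unsolicited inbound connection reaches the PIX outside interface, so the PIX is the only filter. By default the PIX denies traffic from outside to inside until an access-list and static explicitly allow it, so add only the entries the VPN or published services need.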
BroadcastStorm Member Posts: 496
I was able to change my internet hand-off to ethernet, although I thought when I plug the ethernet directly to my Cisco PIX 501 that DHCP will automatically obtain its IP address, which is not the case errr :P I'm sure I'm missing something here...
pixfirewall(config)# show ip address outside dhcp
Temp IP addr: 0.0.0.0 for peer on Interface: outside
Temp sub net mask: 0.0.0.0
DHCP Lease server: 0.0.0.0, state: 1 Selecting
DHCP transaction id: 0x209EBF
Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Next timer fires after: 0 seconds
Retry count: 1 Client-ID: cisco-000f.8fe5.cab6-outside
pixfirewall# show interface
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 000f.8fe5.cab6
MTU 1500 bytes, BW 100000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
398 packets output, 234820 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
6 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/12 software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/1)
mikeasa Registered Users Posts: 1
I tried this on my Westell and couldn't get it to bridge/bypass straight to my ASA, bummer. Any idea how to resolve?