FIOS Router Passthrough

BroadcastStorm Member Posts: 496
Hi guys,

I am trying to set up my PIX firewall (Cisco 501). It's currently connected to my home router/modem, Westell-A90-9100EM15-10; the scenario I am playing in my head is the following.


Model Name: A90-9100EM15-10

1. Set up the router/modem as a bridge connecting to my PIX Firewall that will act as a primary router.

2. Allow all port passthrough for VPN connectivity/NAT/PAT/ACL, etc.

Has anyone done this at their home lab? Is this possible?


Thanks!

Comments

  • Forsaken_GA Member Posts: 4,024
    I've done it before, not with that particular model of modem though. If the modem supports pass-through, you should just be able to hook it up to the PIX, and configure the PIX's interface through whatever means your ISP provisions its IPs (usually DHCP). At that point the cable modem is bridging the network to your gear, and as far as the outside world is concerned, your gear is the endpoint.
  • BroadcastStorm Member Posts: 496
    The Westell Router is COAX, or they call it MoCA. I read something on Verizon's website that I can request them to terminate an Ethernet hand-off to the ONT (probably the FIOS box), instead of a coaxial cable, although this practice is for pure internet access only, since I have FIOS Cable TV, I am still allowed to reverse things and make the Westell another router connected to the PIX Firewall (main router).

    I will phone Verizon tomorrow and ask them to give me an ethernet hand-off.
  • jamesp1983 Member Posts: 2,475
    Make your actiontec a bridge with VOD working with REV D - Verizon Fiber Optics | DSLReports Forums

    http://www22.verizon.com/residentialhelp/highspeed/networking/setup/questionsone/123765.htm

    similar...second link talks about westell 6100


    I work for a company that works with a lot of small to medium sized businesses. You can configure the modem with a DMZ host set to your PIX ext interface. You can make a transit network between the modem and PIX (i.e., 10.1.10.1 = internal int of Westell modem, ext int of PIX is 10.1.10.2). Turn off the connection firewall on the ext int of the modem. Make sure you disable DHCP on the modem. You can have the PIX take over that role. Set the 0.0.0.0 0.0.0.0 route to the internal int of the Westell modem. This should work. You may have to power-cycle the Westell modem.

    I have seen situations where setting the Westell modem to bridge mode causes the STBs to stop functioning properly. (Channel listing fails). That's why we do this DMZ method.
    "Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
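
The PIX side of the DMZ-host method described in the post above, as an added example that is not part of the original thread or the poster's own configuration. It uses PIX OS 6.3 syntax; the 10.1.10.x transit addresses come from the post, while the inside subnet, DHCP pool, DNS server and NAT-T line are assumptions.

```cisco
: Added example, PIX 501 running PIX OS 6.3 (lines starting with ":" are comments).
: Westell side, done in its web UI as the post describes:
:   internal interface 10.1.10.1, DMZ host 10.1.10.2,
:   firewall on its external interface off, DHCP server off.

: Outside interface sits on the transit network to the Westell (from the post).
ip address outside 10.1.10.2 255.255.255.0

: Inside lab LAN. 192.168.1.0/24 is an assumption, not from the thread.
ip address inside 192.168.1.1 255.255.255.0

: The 0.0.0.0 0.0.0.0 route points at the Westell's internal interface.
route outside 0.0.0.0 0.0.0.0 10.1.10.1 1

: PAT all inside hosts to the outside interface address (10.1.10.2).
: The Westell then translates 10.1.10.2 again, so traffic is double-NATed.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: The PIX takes over DHCP for the inside LAN. Pool and DNS are assumptions;
: 10.1.10.1 assumes the Westell answers DNS queries for its LAN.
dhcpd address 192.168.1.100-192.168.1.120 inside
dhcpd dns 10.1.10.1
dhcpd lease 86400
dhcpd enable inside

: Only relevant if the PIX terminates IPsec VPNs: its outside address is
: private, so peers reach it through the Westell's NAT and need NAT-T.
isakmp nat-traversal 20

: No access-group is applied to the outside interface, so the PIX keeps
: its default behaviour of dropping unsolicited inbound connections.
```

With the DMZ host set, the Westell forwards all unsolicited inbound traffic to 10.1.10.2, so the PIX's outside access-list is the only inbound filter. Keep it at the default deny and add explicit `static` and `access-list` entries only for services that must be reachable.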
  • tiersten Member Posts: 4,505
  • BroadcastStorm Member Posts: 496
    Nice info guys, thanks!!!
  • BroadcastStorm Member Posts: 496
    I was able to change my internet hand-off to Ethernet, although I thought that when I plug the Ethernet directly into my Cisco PIX 501, DHCP will automatically obtain its IP address, which is not the case errr :P I'm sure I'm missing something here...

    pixfirewall(config)# show ip address outside dhcp
    Temp IP addr: 0.0.0.0 for peer on Interface: outside
    Temp sub net mask: 0.0.0.0
    DHCP Lease server: 0.0.0.0, state: 1 Selecting
    DHCP transaction id: 0x209EBF
    Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
    Next timer fires after: 0 seconds
    Retry count: 1 Client-ID: cisco-000f.8fe5.cab6-outside

    pixfirewall# show interface
    interface ethernet0 "outside" is up, line protocol is up
    Hardware is i82559 ethernet, address is 000f.8fe5.cab6
    MTU 1500 bytes, BW 100000 Kbit full duplex
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    398 packets output, 234820 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collisions, 0 deferred
    6 lost carrier, 0 no carrier
    input queue (curr/max blocks): hardware (128/128) software (0/0)
    output queue (curr/max blocks): hardware (0/1) software (0/1)
  • mikeasa Registered Users Posts: 1
    I tried this on my Westell and couldn't get it to bridge/bypass straight to my ASA. Bummer. Any idea how to resolve?