FIOS Router Passthrough

Hi guys,

I am trying to setup my pix firewall cisco 501, it's currently connected to my home router/modem Westell-A90-9100EM15-10, the scenario I am playing in my head is the following.

Model Name: A90-9100EM15-101. Setup the router/modem as a bridge connecting to my PIX Firewall that will act as a primary router.

2. Allow all port passthrough for VPN connectivity/NAT/PAT/ACL, etc.

Has anyone done this at their home lab? is this possible?

Thanks!

Find more posts tagged with

Comments

Forsaken_GA

BroadcastStorm wrote: »

Hi guys,

I am trying to setup my pix firewall cisco 501, it's currently connected to my home router/modem Westell-A90-9100EM15-10, the scenario I am playing in my head is the following.

Model Name: A90-9100EM15-101. Setup the router/modem as a bridge connecting to my PIX Firewall that will act as a primary router.

2. Allow all port passthrough for VPN connectivity/NAT/PAT/ACL, etc.

Has anyone done this at their home lab? is this possible?

Thanks!

I've done it before, not with that particular model of modem though. If the modem supports pass through, you should just be able to hook it up to the pix, and configure the PIX's interface through whatever means your ISP provisions it's IP's (usually DHCP). At that point the cable modem is bridging the network to your gear, and as far as the outside world is concerned, your gear is the endpoint

BroadcastStorm

The Westell Router is COAX or they call it MOCA, I read something on Verizon's website that I can request them to terminate an ethernet hand off to the ONT (probably the FIOS box), instead of a coaxial cable, althought this practice is for pure internet access only, since I have a FIOS Cable TV, I am still allowed to reverse things and make the Westell another router connected to the PIX Firewall (main router).

I will phone Verizon tomorrow and ask them to give me an ethernet hand-off.

jamesp1983

Make your actiontec a bridge with VOD working with REV D - Verizon Fiber Optics | DSLReports Forums

http://www22.verizon.com/residentialhelp/highspeed/networking/setup/questionsone/123765.htm

similar...second link talks about westell 6100

I work for a company that works with a lot of small to medium sized businesses. You can configure the modem with a DMZ host set to your PIX ext interface. You can make a transit network between the Modem and PIX. (i.e.; 10.1.10.1 = internal int of Westell modem, ext int of pix is 10.1.10.2). Turn off the connection firewall on the ext int of the Modem. Make sure you disable DHCP on the modem. You can have the pix take over that role. Set the 0.0.0.0 0.0.0.0 route to the internal int of the Westell modem. This should work. You may have to powercycle the Westell modem.

I have seen situations where setting the Westell modem to bridge mode causes the STBs to stop functioning properly. (Channel listing fails). That's why we do this DMZ method.

tiersten

Your Google-fu is weak. Second result for googling 9100EM Bridge.

BroadcastStorm

Nice info guys, thanks!!!

BroadcastStorm

I was able to change my internet hand-off to ethernet, although I thought when I plug the ethernet directly to my Cisco PIX 501 that DHCP will automatically obtain it's ip address which is not the case errr :P I'm sure I'm missing something here...

pixfirewall(config)# show ip address outside dhcp
Temp IP addr: 0.0.0.0 for peer on Interface: outside
Temp sub net mask: 0.0.0.0
DHCP Lease server: 0.0.0.0, state: 1 Selecting
DHCP transaction id: 0x209EBF
Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
Next timer fires after: 0 seconds
Retry count: 1 Client-ID: cisco-000f.8fe5.cab6-outside

pixfirewall# show interface
interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 000f.8fe5.cab6
MTU 1500 bytes, BW 100000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
398 packets output, 234820 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
6 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/12

software (0/0)
output queue (curr/max blocks): hardware (0/1) software (0/1)

mikeasa

I tried this on my westell and couldn't get it to bridge/bypass straight to my ASA

bummer. Any idea how to resolve?