ASA + ADSL modem gateway issue

  • ASA + ADSL modem gateway issue

    Hi All,

    I am new to Cisco and would really appreciate some help setting up a first config.

    I have an ASA 5510 configured with inside, outside and dmz interfaces. I want the outside interface to connect to an ADSL line with the least fuss. To this end I bought a D-Link 320B Ethernet modem. The modem, once configured, picks up my static IP from my ISP via DHCP and passes it to the Outside interface on the ASA. It doesn't seem to get the default gateway though; in my routing table there is a default route to which was the management address of the modem. This is what appeared on my laptop when I plug the modem into it and I get a connection on that (weird). I tried configuring a static default route to the actual ISP gateway but I got DHCP errors.

    d [1/0] via, Outside
    C is directly connected, Inside
    C is directly connected, Outside

    Is it the modem that is the problem (also, what does the "d" signify)?

    Here is my running config, please let me know if there is anything wrong here. It is supposed to be PAT overload for the hosts with some port forwarding routes.

    hostname gbch-asa
    enable password BZBNYynmJZ3FnrjK encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address dhcp setroute
    interface Ethernet0/1
    nameif DMZ
    security-level 10
    ip address
    interface Ethernet0/2
    nameif Inside
    security-level 100
    ip address
    interface Ethernet0/3
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address
    ftp mode passive
    access-list Outside_access_in extended permit tcp any host eq www
    access-list Outside_access_in extended permit tcp any host eq smtp
    access-list Outside_access_in extended permit tcp any host eq pptp
    access-list Outside_access_in extended permit tcp any host eq 3389
    pager lines 24
    logging enable
    logging asdm informational
    mtu management 1500
    mtu Outside 1500
    mtu DMZ 1500
    mtu Inside 1500
    no failover
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 200 interface
    nat (Inside) 200
    static (Inside,Outside) tcp smtp smtp netmask
    static (Inside,Outside) tcp www www netmask
    static (Inside,Outside) tcp https https netmask
    static (Inside,Outside) tcp pptp pptp netmask
    static (Inside,Outside) tcp 3389 3389 netmask
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address management
    dhcpd lease 3600
    dhcpd ping_timeout 50
    dhcpd enable management
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    service-policy global_policy global

    Thanks in advance,

    Last edited by smallgreen; 22nd December 2008, 21:55.

  • #2
    Re: ASA + ADSL modem gateway issue

    The "d" probably means default, certainly when you manually type a route in then you use the details for default.

    I had a cable modem / company once that registered the MAC address of the first client and would only serve that host. Can you connect another machine to the modem and get it to work ok?

    I can't see an access-group command for the access-lists you have configured.

    If your external interface is setup as 192.168.1.x /24 then you would need to setup port mappings for the 212.x.x.x addresses on the modem as it is a different network. Can this modem actually pass through everything rather than NAT?

    What do you get if you run "show ip"?

    Can you ping anything external from the ASA?

    Quis custodiet ipsos custodes?
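
The missing access-group noted in reply #2 can be checked mechanically. On the ASA an ACL is bound with `access-group <acl-name> in interface <nameif>`; until that line exists, the `Outside_access_in` entries are defined but never applied. The script below is an added example, not part of the original posts: it audits a running-config for ACLs that are defined but unbound. The sample config is constructed from the posted one, with documentation-range placeholder addresses where the thread's originals are missing, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the posted config. The addresses are
# placeholders (documentation ranges), not values from the thread.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address dhcp setroute
interface Ethernet0/2
 nameif Inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
access-list Outside_access_in extended permit tcp any host 203.0.113.10 eq www
access-list Outside_access_in extended permit tcp any host 203.0.113.10 eq smtp
global (Outside) 200 interface
"""

def audit_acl_bindings(config):
    """Return (unbound_acls, bad_bindings) for an ASA running-config string."""
    interfaces, acls, bindings = set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"nameif\s+(\S+)", line):
            interfaces.add(m.group(1))
        elif m := re.match(r"access-list\s+(\S+)\s+(?:extended|standard)\b", line):
            acls.add(m.group(1))  # remark-only lines do not define an ACL
        elif m := re.match(r"access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)", line):
            bindings.append(m.groups())
    bound = {acl for acl, _, _ in bindings}
    unbound = sorted(acls - bound)
    # A binding is bad if it names an ACL or interface the config never defines.
    bad = [b for b in bindings if b[0] not in acls or b[2] not in interfaces]
    return unbound, bad

def suggest_fix(acl, interface):
    """Build the command that applies an ACL inbound on the named interface."""
    return f"access-group {acl} in interface {interface}"

if __name__ == "__main__":
    unbound, bad = audit_acl_bindings(SAMPLE_CONFIG)
    for acl in unbound:
        print(f"ACL {acl} is defined but not applied to any interface")
    fixed = SAMPLE_CONFIG + suggest_fix("Outside_access_in", "Outside") + "\n"
    print("after fix:", audit_acl_bindings(fixed))
```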


    • #3
      Re: ASA + ADSL modem gateway issue

      Hi Andy,

      I was not given the modem by my ISP; it was bought for this role, so I wouldn't expect it to do any MAC locking. I will however check it as you say.

      Can you please give me an example of how to add the access-group to the config (newbie here). :/

      I wanted the modem to handle just the ppp connection and the ASA to do the routing.

      The external interface is set up to receive its IP address from the ISP via the modem, which it does (see route for external interface; IP changed). I think the modem does some layer 2 magic to bridge the connection and bypass the modem. I'm not really sure of the details. The modem has a management socket on IP to do the initial config/ppp dialup but the ASA external int should use the IP picked up from the ISP via DHCP and get the ISP gateway. It's this that doesn't seem to be happening.

      Either that or the modem is not fit for purpose.

      I will post the show IP when I get back.

      Merry Christmas everyone.

      Last edited by smallgreen; 25th December 2008, 18:46.


      • #4
        Re: ASA + ADSL modem gateway issue

        OK, I'm back.

        We have the ASA configured to use a dynamically assigned IP address and default route. We have installed a Linksys AM200 ADSL modem in front of it to do the ADSL bit. Our ISP provides us with our static IP via DHCP but also assigns us a dynamic default gateway which is not on the same subnet as our public IP?!??!

        When we have the Linksys configured to do PPPoA then the public address is passed to the ASA but the default gate/route was set to (the lan ip of the Linksys).

        When we tried 1483 bridged mode on the Linksys with the ASA configured to use PPPoE authentication, we got no internet light on the modem and the PPPoE session on the ASA would not establish.

        When we tried full bridged mode on the Linksys with the ASA configured to use PPPoE authentication, we got an internet light on the modem but the PPPoE session on the ASA still would not establish.

        We are not really sure what the Linksys is actually doing in the various bridging modes. What we think we want is for the modem to convert the PPPoA packets into PPPoE packets and the authentication to be done on the ASA, don't we??!??

        Mightily confused, SG