
Having configured a number of the smaller ASA5505s to make use of an ADSL modem via PPPoE, oddly enough it’s finally been my first setup with a block of IPs from the ISP over a single static address.

Below is a quick overview of creating the PPPoE dialer making use of PAT (pretty standard for smaller businesses in the UK). Setup-wise I often opt for the Draytek 120 DSL modems as I’ve had pretty good results with these; the modem would be connected to the Ethernet0/0 interface on VLAN2.

Writing it on the fly so I’m sure I’ll come back and review / bulk out.

Note – These configs are based on ASA versions 8.4 and above

The below creates the PPPoE dialer, configures a VLAN interface to use the dialer and then associates this VLAN to a physical ethernet port. An example of Dynamic NAT is also shown as this is pretty standard for smaller networks to allow ‘PAT’ to share the IP assigned by the ISP.

The above is great for a single static IP that an ISP assigns via DHCP when connecting; however, a setup recently caused problems as the ASA didn’t like obtaining the block of IPs that the ISP tried to dish out.

To resolve this we can amend the “ip address pppoe setroute” statement to the following: “ip address 1.1.1.1 255.255.255.255 pppoe setroute”.

This will statically assign the specific IP required on the interface and still look to assign the default gateway details based on what the ISP gives out. As a side note, even if the IP is entered as a block such as 1.1.1.1 255.255.255.0, it will still show its subnet as 255.255.255.255.

To then statically map port forwards you can use the below as some examples. If the interface IP is required for a port map you must use the keyword “interface”, not the IP address.

Now it’s just a case of allowing the traffic through via access lists
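The steps described above, put together as one ASA 8.4+ configuration. This is an added example, not the author's original config. Assumptions: the group name ISP, the credentials, the object names, the inside hosts 192.168.1.10 and 192.168.1.20, the second public address 1.1.1.2 and an existing interface named inside; 1.1.1.1 is the page's own placeholder.

```cisco
! Added example. ISP, the credentials, the object names, 192.168.1.x and
! 1.1.1.2 are assumed values; 1.1.1.1 is the page's placeholder address.
!
! PPPoE dialer
vpdn group ISP request dialout pppoe
vpdn group ISP localname user@isp.example
vpdn group ISP ppp authentication chap
vpdn username user@isp.example password CHANGE-ME
!
! Outside VLAN uses the dialer. The address is fixed here for the
! block-of-IPs case; the default route still comes from the ISP.
! For a single ISP-assigned address use "ip address pppoe setroute".
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group ISP
 ip address 1.1.1.1 255.255.255.255 pppoe setroute
!
! Physical port the DSL modem plugs into
interface Ethernet0/0
 switchport access vlan 2
!
! Dynamic PAT: inside hosts share the outside interface address
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface
!
! Port forward on the interface address: keyword "interface", not the IP
object network web-server
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 443 443
!
! Port forward on another address from the ISP block
object network mail-server
 host 192.168.1.20
 nat (inside,outside) static 1.1.1.2 service tcp 25 25
!
! Permit only the forwarded ports, then bind the list to the outside interface
access-list outside_in extended permit tcp any object web-server eq 443
access-list outside_in extended permit tcp any object mail-server eq 25
access-group outside_in in interface outside
```

From 8.3 onwards the access list matches the server's real (inside) address rather than the public one, which is why the rules reference the network objects.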