Configure Perimeter Router

I currently have thie type of setup:

Internet --> Cisco 827 --> PIX 506e --> Catalyst 2950 --> LAN

I need to configure a perimeter router with a ADSL WIC. It will look like this:

Internet --> Cisco 1751 --> PIX 506e --> Catalyst 2950 --> LAN

My problem is that I currently have the Cisco 827 briging the ADSL signal and the PIX outside interface is assigned the public IP. I have tried everything to get the 1751 to bridge and from what I have read it looks like I will have to assign the public IP to the ADSL WIC interface and then give the outside PIX interface an inside address.

Does anyone have any ideas how to best achieve this as I currently have static tunnels and VPN clients configured on the PIX and the thought of totally reconfiguring the PIX is not too apealing.

Here is my current PIX config.

PIX Version 6.3(4) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password v914w4bB4kaU0ypy encrypted passwd OZk0LVfY42vMqD6A encrypted hostname pixfirewall domain-name clock timezone EST -5 fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names name Athlon access-list PROTECT permit ip access-list 102 permit ip access-list 102 permit ip access-list 100 deny icmp any any echo access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any unreachable access-list 100 permit icmp any any time-exceeded access-list 100 permit udp any eq domain any pager lines 24 logging on logging timestamp logging trap warnings logging history warnings logging host inside Athlon format emblem icmp permit host outside icmp deny any outside mtu outside 1500 mtu inside 1500 ip address outside ip address inside ip verify reverse-path interface outside ip audit info action alarm ip audit attack action alarm ip local pool pool pdm location outside pdm location outside pdm location Athlon inside pdm location outside pdm location outside pdm location outside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 102 nat (inside) 1 0 0 access-group 100 in interface outside route outside 1 timeout xlate 1:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local aaa authentication http console LOCAL aaa authentication ssh console LOCAL no ntp authenticate http server enable http outside http inside http Athlon inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps tftp-server inside Athlon / floodguard enable sysopt connection permit-ipsec sysopt noproxyarp outside sysopt noproxyarp inside crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto dynamic-map map2 20 set pfs group2 crypto dynamic-map map2 20 set transform-set ESP-AES-256-SHA crypto map map1 10 ipsec-isakmp crypto map map1 10 match address PROTECT crypto map map1 10 set pfs group2 crypto map map1 10 set peer crypto map map1 10 set transform-set ESP-AES-256-SHA crypto map map1 20 ipsec-isakmp dynamic map2 crypto map map1 client authentication LOCAL crypto map map1 interface outside isakmp enable outside isakmp key ******** address netmask no-xauth no-config-mode isakmp identity address isakmp keepalive 20 10 isakmp nat-traversal 20 isakmp policy 10 authentication pre-share isakmp policy 10 encryption aes-256 isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 28800 isakmp policy 11 authentication rsa-sig isakmp policy 11 encryption des isakmp policy 11 hash sha isakmp policy 11 group 1 isakmp policy 11 lifetime 86400 isakmp policy 20 authentication pre-share isakmp policy 20 encryption aes-256 isakmp policy 20 hash sha isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 vpngroup vpn address-pool pool vpngroup vpn split-tunnel 102 vpngroup vpn pfs vpngroup vpn idle-time 1800 vpngroup vpn password ******** telnet Athlon inside telnet timeout 15 ssh timeout 10 management-access inside console timeout 30 dhcpd address inside dhcpd dns dhcpd lease 21600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside username xxx password ZKvuR/E4cb5TutkE encrypted privilege 15 terminal width 80 banner exec Enter your password carefully banner login Enter your password to log in banner motd Authorized Access only banner motd This system is the property of xxx. banner motd UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED. banner motd You must have explicit permission to access this banner motd device. All activities performed on this device banner motd are logged. Any violations of access policy will result banner motd in disciplinary action. Cryptochecksum:af631c39892e74a279f043d0da360e82 : end

Any ideas would be appreciated.

Reply to
Loading thread data ...

Hi Todd,

You may wish to investigate the ADSL WAN Interface Card Data Sheet:

formatting link
As you need IOS 12.3T

Dynamic Configuration Tool results:


10/100 Modular Router w/ 3 slots, IOS IP, 32F/64D

S17C7P-12311T Cisco 1700 IOS IP/ADSL PLUS


1-port ADSLoPOTS WIC with Dying Gasp


1-port ADSLoISDN Wan Interface Card

12.3T series IOS with IP/ADSL Plus feature set, WIC-1ADSL-DG is recognized by the router.

Check your DRAM and flash requirements in case a lack of DRAM and flash to run this new IOS.


Reply to
BradReeseCom Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.