PIX 501 Verizon Infospeed DSL

Has anyone been able to successfully configure this setup? If yes, a) would you mind sending me the configuration? b) what is the version of firmware?

Thanks in advance


I'm in Canada but I will make a wild stab at your issue.

I assume you can access the Internet using your PC connected directly to the Verizon DSL modem - correct?

When you connect the PIX 501 you cannot get to the Internet - correct?

Potential causes of your problem are:

  1. PIX 501 PPPoE config is incorrect or incomplete
  2. Verizon is expecting the same MAC address (i.e. the MAC address of your PC Ethernet interface)
  3. Verizon has a long age on their ARP cache and apparently will not accept new entries until the existing one ages out - 2 hours ????

AFAIK the PIX 501 does not support overriding its burned-in MAC addresses (on other SOHO routers this is sometimes referred to as MAC cloning)

It is best if you have 6.3(5) version of software on PIX 501

See Cisco doc "Configuring the PPPoE Client on a Cisco Secure PIX Firewall"


!--- Define the VPDN group that you use for PPPoE.
!--- Configure this first.

vpdn group pppoex request dialout pppoe

!--- Associate the username that the ISP assigns to the VPDN group.

vpdn group pppoex localname cisco

!--- Define authentication protocol.

vpdn group pppoex ppp authentication pap

!--- Create a username and password pair for the PPPoE
!--- connection (which your ISP provides).

vpdn username cisco password *********

Verizon may use a different PPP authentication method, i.e. CHAP


  1. check PIX PPPOE config
  2. leave PIX 501 connected for several hours to see if ARP cache timeout is the issue
  3. Call Verizon technical support - I understand this is a real adventure ...
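An offline check for the "PPPoE config is incorrect or incomplete" cause listed in the reply above; this is an added example, not part of the original posts or of the Cisco document. It assumes PIX 6.x syntax: `check_pppoe_config` is a hypothetical helper, the sample config is constructed from the lines quoted in the post, and the `ip address outside pppoe setroute` line does not appear in the thread.

```python
import re

# Constructed sample: the four vpdn lines quoted in the post, plus the
# PIX 6.x interface line (an assumption, not shown in the thread).
SAMPLE_CONFIG = """\
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname cisco
vpdn group pppoex ppp authentication pap
vpdn username cisco password *********
ip address outside pppoe setroute
"""

def check_pppoe_config(config):
    """Return a list of findings for a PIX 6.x PPPoE client configuration."""
    lines = [l.strip() for l in config.splitlines()
             if l.strip() and not l.lstrip().startswith("!")]  # skip "!---" comments
    groups, users, findings = {}, set(), []
    outside_pppoe = False
    for line in lines:
        m = re.match(r"vpdn group (\S+) (.+)", line)
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2))
        m = re.match(r"vpdn username (\S+) password \S+", line)
        if m:
            users.add(m.group(1))
        if re.match(r"ip address outside pppoe\b", line):
            outside_pppoe = True
    dialout = [g for g, cmds in groups.items() if "request dialout pppoe" in cmds]
    if not dialout:
        findings.append("no vpdn group with 'request dialout pppoe'")
    for g in dialout:
        cmds = groups[g]
        names = [c.split()[1] for c in cmds if c.startswith("localname ")]
        auth = [c.split()[2] for c in cmds if c.startswith("ppp authentication ")]
        if not names:
            findings.append(f"group {g}: no localname")
        for n in names:
            if n not in users:
                findings.append(f"group {g}: localname {n} has no 'vpdn username' entry")
        if not auth:
            findings.append(f"group {g}: no ppp authentication method")
        elif "pap" in auth:
            findings.append(f"group {g}: PAP sends the password in cleartext; use CHAP if the ISP accepts it")
    if not outside_pppoe:
        findings.append("outside interface is not set to 'ip address outside pppoe'")
    return findings
```

An empty list means the PPPoE client pieces are all present, which leaves the MAC address and ARP cache causes from the same reply still to be ruled out.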

This is correct. Verizon has a 2 hour ARP cache. Check out this link:

formatting link
It's absolutely insane, but true.


Do you think it insanely short?

IIRC the default Cisco router ARP timeout is 14,400 seconds, which is 4 hours.

As far as I know it is not usual to change it - except with certain resilient L2 networks where unknown unicast forwarding can cause problems.
