PIX 501 Verizon Infospeed DSL

I'm in Canada but I will make a wild stab at your issue.

I assume you can access the Internet using your PC connected directly to the Verizon DSL modem - correct ?

When you connect PIX 501 you cannot get to internet - correct ?

Potential casue of your problem are:

1 PIX 501 PPPOE config is incorrect or incomplete

1. Verizon is expecting the same MAC address (ie the MAC address of your PC Ethernet interface
2. Verizon has a long age on their ARP cache and apparently will not accept new entries until the exisitng one ages out - 2 hours ????

AFAIK the PIX 501 does not support overriding it's burned in MAC addresses (on other SOHO routers this is sometimes referred to as MAC cloning)

It is best if you have 6.3(5) version of software on PIX 501

See Cisco doc "Configuring the PPPoE Client on a Cisco Secure PIX Firewall"

!--- Define the VPDN group that you use for PPPoE. !--- Configure this first.

vpdn group pppoex request dialout pppoe

!--- Associate the username that the ISP assigns to the VPDN group.

vpdn group pppoex localname cisco

!--- Define authentication protocol.

vpdn group pppoex ppp authentication pap

!--- Create a username and password pair for the PPPoE !--- connection (which your ISP provides).

vpdn username cisco password *********

Verizon may use a different PPP authentication method i.e chap

Summary:

1. check PIX PPPOE config
2. leave PIX 501 connected for several hours to see if ARP cache timeout is the issue
3. Call Verizon technical support - I understand this is a real adventure ...

This is correct. Verzion has a 2 hour ARP Cache. Check out this link:

It's absolutely insane, but true.

Do you think it insanely short?

IIRC the default Cisco Router arp timeout is 14,400 seconds which is 4 hours.

As far as I know it is not usual to change it - except with certain resilient L2 networks where unknown unicast forwarding can cause problems.