cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

bridge mode on 2740N

junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

bridge mode on 2740N

‎07-12-2015 11:03 PM

Hi All.
I need your help guys ;(
Guys from PlusNet have no idea what or how to setup a bridge mode so I can use my firewalls and do NATing on them instead of doing double NAT.
I've tried expert mode,etc but there is nothing in the options that will show "Bridge Mode"
Sales guy from PlusNet told me that "yes our router does support the bridge mode" but now they are telling me that yes it does support it but we have no idea where it is or how to setup Bridge mode.....
After all I am a business customer with this small and stupid router.
Need your help ,
Many thanks in advance
Message 1 of 41
(4,787 Views)
0 Thanks
40 REPLIES 40
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎07-12-2015 11:08 PM

P.S. I have Cisco Firewall which doesn't have ADSL port so what I need is the bridge mode to bridge ADSL (RJ11) into a Ethernet(RJ45) connection so I can use my ASA behind this super ADSL Router Cheesy
Message 2 of 41
(2,686 Views)
0 Thanks
MisterW
Superuser
Superuser
Posts: 14,709
Thanks: 5,499
Fixes: 393
Registered: ‎30-07-2007

Re: bridge mode on 2740N

‎08-12-2015 8:08 AM

Quote
Sales guy from PlusNet told me that "yes our router does support the bridge mode" but now they are telling me that yes it does support it but we have no idea where it is or how to setup Bridge mode.....
I can't recall anyone on here reporting that bridge mode is possible on the 2704n. I suspect sales were being 'econonmical with the truth'. The 2704 isn't a business router. In your case I would suggest getting a simple ADSL modem http://www.broadbandbuyer.co.uk/store/modems/adsl-modems/#content for use with your firewall. Maybe worth thinking about a VDSL/ADSL one in case you upgrade to fibre in the future.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 3 of 41
(2,686 Views)
0 Thanks
w23
Pro
Posts: 6,347
Thanks: 96
Fixes: 4
Registered: ‎08-01-2008

Re: bridge mode on 2740N

‎08-12-2015 9:07 AM

Previous attempts (possibly successful) for bridge mode on 2704N here: http://community.plus.net/forum/index.php/topic,137629.msg1213758.html#msg1213758
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Message 4 of 41
(2,686 Views)
0 Thanks
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: bridge mode on 2740N

‎08-12-2015 9:09 AM

You'll need to change the firmware to get Bridge mode (there is no formal support for this). Not for the faint-hearted.
Message 5 of 41
(2,686 Views)
0 Thanks
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎08-12-2015 5:01 PM

Hi Anotherone.
Can you drop me a link for a firmware ? That will be a great help
Thanks
Message 6 of 41
(2,686 Views)
0 Thanks
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎08-12-2015 5:34 PM

I am getting confused by people when they say something like "When you bridge router to the modem (PPPOA) next device in the row (Firewall in this case) needs to support PPPOE. I am not sure if that is true . I remember bridging Zyxel routers without knowing that is PPPOA and PPPOE :)))))
So after all that , I think D-Link DSL-320B ADSL 2+ Ethernet Modem OR TP-LINK TD-8817 USB/Ethernet ADSL 2+ Modem Router should do the job . What do u think guys ?
DrayTek Vigor 120 ADSL2+ Ethernet Modem :
All login/ISP details are entered on the connected client device, not the Vigor 120
This is the bit that I don't get. My ASA doesn't care about IPS username and password Smiley
confusion
P.S. I am sure ZyXEL Prestige P-660HW-T1 Wireless G ADSL Router will be as good as whats been mentioned above
Thanks for suggestion guys Wink

Message 7 of 41
(2,686 Views)
0 Thanks
aesmith
Pro
Posts: 629
Thanks: 80
Fixes: 4
Registered: ‎26-09-2015

Re: bridge mode on 2740N

‎08-12-2015 7:21 PM

In the configuration that you're considering, your ASA will be talking PPPoE to the modem, then the modem talks PPPoA over the DSL.  Normally this means the ASA needs to provide the username and password because this is where the PPP session actually originates, and you want the ASA to receive the provided IP address (to avoid double NAT as you said).  Are you configuring your ASA with ASDM or from the command line? 
There's an example document here http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/11032... but I note that it is for v8.0 software, and I'm aware that were fairly sweeping changes in the ASA software during the 8.x releases, so you might want to cross check with the documentation for your actual software release.  A quick look at the docs for 9 suggest it should be the same in principle.
Message 8 of 41
(2,686 Views)
0 Thanks
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎08-12-2015 8:28 PM

Dope!
I've got 9.x
Config can be done on both ASDM as well as CLI.
I've got a request to get /29 static public IP address space.
Hope all that wont create any more issues.
P.s. In the config guade there is no notes about the routing (default route)
Plus I've been told that even if I will have /29 space my outside interface should be set to DHCP :))
I hope that the main (Outside) interface address will remain the same
Message 9 of 41
(2,686 Views)
0 Thanks
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: bridge mode on 2740N

‎08-12-2015 9:36 PM

The firmware is mentioned in reply #50 of the "Unlocking the potential.." thread.
Message 10 of 41
(2,686 Views)
0 Thanks
aesmith
Pro
Posts: 629
Thanks: 80
Fixes: 4
Registered: ‎26-09-2015

Re: bridge mode on 2740N

‎08-12-2015 9:42 PM

Quote from: junoqbeat
P.s. In the config guade there is no notes about the routing (default route)
Plus I've been told that even if I will have /29 space my outside interface should be set to DHCP

Default route is set by the "setroute" option in the "ip address pppoe setroute" i/f config line. 
Re /29 that sounds normal, a separate "customer subnet" not related to the wan address.  What are you using the /29 for?  DMZ or just more nat addresses?

Message 11 of 41
(2,686 Views)
0 Thanks
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎08-12-2015 11:20 PM

Some services,lab,etc
I so get used to ethernet and a proper routing that I've just realised that sharing a public Vlan with 2x firewalls not going to work as both firewalls need pppoe username and password setup which won't work :(((;;
Message 12 of 41
(2,686 Views)
0 Thanks
aesmith
Pro
Posts: 629
Thanks: 80
Fixes: 4
Registered: ‎26-09-2015

Re: bridge mode on 2740N

‎09-12-2015 6:49 AM

Don't really follow your topology.  It's correct that only one device can terminate your PPP session, but it's also the case that only one device can get that negotiated external IP.  If you want two firewalls sharing the Internet connection, how about using the 2704N as a router without NAT.  Put the /29 on the inside LAN of the 2704N, and on the outside interfaces of your two firewalls.  NAT on the firewalls.  Does that make sense?
Message 13 of 41
(2,686 Views)
0 Thanks
junoqbeat
Dabbler
Posts: 20
Registered: ‎07-12-2015

Re: bridge mode on 2740N

‎09-12-2015 9:34 AM

I whould need to share the diagram but i think you did unswer my qoestion :)))
On this router there is no funtion available to desable NAT and use it as the routing
In case of doing what you mentioned above I would need to lose one public IP (which will be configured on the LAN interface of my ISP router)
And also ISP need to configure routing to my /29 ie telling the rest of the world that my /29 is behid my small ISP router(dsl) . Not surehow the routing will work:
Incomming ---(Internet) ----> ISP Adsl interface(external) IP X.X.X.X --- [ ADSL router itself ] --- Lan IP Y.Y.Y.1/29 ----> Firewall 1 & Firewall 2
Outgoing connection is easy I will just set the defaulteoute towards the LAN interface of my ISP router and thats it.
As far as I know ISP will asign my ADSL router (external interface) IP via DHCP which means it will change, so even if I will askthem to setup some static routes it wont work.
I hope what I am saying make some sense:)))
Message 14 of 41
(2,686 Views)
0 Thanks
aesmith
Pro
Posts: 629
Thanks: 80
Fixes: 4
Registered: ‎26-09-2015

Re: bridge mode on 2740N

‎09-12-2015 12:33 PM

OK sounds like we're speaking about the same topology.    If the 2704N can't disable NAT then that's an issue, however this topology is only going to work the way you want with a non-NAT router at that location.  The PPP negotiated IP address can only apply to one device, and the /29 customer network will be routed via that negotiated address so needs to be on your side of that device.
Yes, you lose one public IP address on the LAN side of the router, and that address can't be used for NAT entries on the firewall(s).
Routing "And also ISP need to configure routing to my /29 ie telling the rest of the world that my /29 is behid my small ISP router(dsl) ".  Strictly the ISP doesn't have to tell the rest of the world,  your /29 will be part of their PA address space so everyone already knows which ISP is responsible.  It's only the ISP's internal routing that needs to be updated.  The way I assume it works is that your DSL router connects and authenticates, the ISP dishes out an IP address via PPP, then it must as part of that same process update routing tables giving that address as the next hop for your /29 prefix.  I've certainly worked on installations where the WAN IP address was changeable, yet still routed to a fixed customer assigned subnet.
Hope this helps.
Message 15 of 41
(2,686 Views)
0 Thanks