PPPOA to PPPOE Conversion ? HELP :(

[Hayabusa1989]

Hi,

So at work we have given out firewalls to certain staff, The idea being that they are then secure when the connect to us. The issue however is that the Broadband provider for these lines Authenticates with PPPOA and the Firewalls use PPPOE. 

I know that the Draytek Vigor 120 could fix this issue easily - However my work does not want to add an extra device into the mix as these are peoples homes. 

My issues are
 

1. The Broadband company do have some slight PPPOE support but this switchs back to PPPOA or becomes unstable or they forget and switch it back
2. We can't add extra devices (even though i think we should)
3. Going to another company isnt an option
4. This company only does ADSL so we cannot upgrade to fibre or a different type of service
5. THe PPPOE Support is a much slower rate - ADSL1 
6. My company will not swap out or change the Firewall Routers.
7. I am and we are in the UK

 

Is there any way or will this be a case of banging my head against the wall ?

[Hayabusa1989]

Can anyone help

[Lurick]

Have you tried to put your modem in RFC1483 Bridge Mode?

 

From what I can gather, there are modems in the UK, the Draytek 120 was one used for this job.

[Hayabusa1989]

Cant use a bridge or Modem (stupid i know) has to be all in one

[leadeater]

6 hours ago, Hayabusa1989 said:

Can anyone help

Draytek Vigor 120, this is the exact setup I use at home with a FortiGate 60D so 100% works.

 

I have looked at many different routers, Linksys and ISP provided ones, and the only one that works properly is the Draytek.

 

However why do you even need to do PPPoE to PPPoA conversion, I do it since I want my public IP on the firewall and not the router. IPSec VPNs can have NAT awareness turned on so all you'd need to do is put the firewalls behind the existing equipment in the homes with DHCP on and disable DHCP on the existing router.

[Hayabusa1989]

1 hour ago, leadeater said:

Draytek Vigor 120, this is the exact setup I use at home with a FortiGate 60D so 100% works.

 

I have looked at many different routers, Linksys and ISP provided ones, and the only one that works properly is the Draytek.

 

However why do you even need to do PPPoE to PPPoA conversion, I do it since I want my public IP on the firewall and not the router. IPSec VPNs can have NAT awareness turned on so all you'd need to do is put the firewalls behind the existing equipment in the homes with DHCP on and disable DHCP on the existing router.

Same reason the boss wants the public IP on the firewall.

[Hayabusa1989]

13 minutes ago, Hayabusa1989 said:

Same reason the boss wants the public IP on the firewall.

Also the Firewall IS the router aswell

[leadeater]

14 minutes ago, Hayabusa1989 said:

Same reason the boss wants the public IP on the firewall.

Unfortunately then your stuck in the same situation I was. Very few and I mean VERY few devices support PPPoE to PPPoA interception and conversion, Draytek is the only cheap consumer device I have found that can do it. There are more enterprise options from Cisco but that still isn't what you want.

 

You'll never get past the requirement of two devices if the firewall does not support the PPP mode the ISP uses. You need a device that initiates the DSL line and auths using PPPoA and then bridges the connection to the firewall. The Draytek does it in a special way called half-bridge and you put in the PPPoE settings on the WAN interface as if they were PPPoA (ISP username/pw) and the Draytek intercepts, converts and re-sends as PPPoA. There may be a different way of getting a similar end result but it's not plug and play.

 

Your in luck however if you haven't already brought the firewalls or can return them. Juniper SRX110 has inbuilt ADSL/VDSL modems and can naively use PPPoA. 

[Hayabusa1989]

Its even worse 

Company will ONLY Use one particular brand that do not have anything PPPoA.


Oh well they will realise eventually. 


thank your for your help though !

[leadeater]

Just now, Hayabusa1989 said:

Its even worse 

Company will ONLY Use one particular brand that do not have anything PPPoA.


Oh well they will realise eventually. 


thank your for your help though !

Yea, you just can't make a device do something it can't do no matter how much you want to. I can't run faster than Usain Bolt and no amount of wishful thinking will make it so .

[System Error Message]

I remember this issue having a solution actually with what the OP wants. The modem which is an all in one can be hacked to provide bridge mode and PPPOA to PPPOE wrappers. Its not simple and requires scripts.

 

Best solution would be to get draytek, they are good modems and are capable of combining a few DSL links as well which is better for the business. If your boss cant see the benefit of a good modem ask him the cost of buying a modem like draytek and spending a few minutes to set it up vs to cost of wages for a few hours just to hack the modem which may or may not work..Besides a better modem could mean faster sync speeds to get a bit more bandwidth.

 

The choice of not using PPPOA is not available because PPPOA is what all modems do on ADSL essentially called PPP over ATM whereas PPPOE is PPP over ethernet. Your ISP uses ATM and not an ethernet based network (yes you can use ethernet over rj11). PPPOA is more efficient than PPPOE as there is less overhead.

 

The draytek modem will let you bridge and will perform the conversion for you so that your firewall gets the public IP.

[leadeater]

9 minutes ago, System Error Message said:

-snip-

Yea the Draytek option is the best, he just needs to convince his boss that this is the only way it's going to work and give up on the idea of only using the single firewall device.

[Hayabusa1989]

we thankfully are actually changing supplier to get around this issue, a wins a win i guess.

 

[Hayabusa1989]

Thanks though guys this is why i came here