PIX Firewall PPPoE Client Configuration

PPPoE (see RFC 2516) provides an authenticated method for assigning IP addresses to client
systems by combining the following two widely accepted standards:
• Point-to-Point Protocol (PPP)
• Ethernet
PPPoE is composed of the following two main phases:
• Active discovery phase
• PPP session phase
PPPoE connects a network of systems over a simple bridging access device to a remote access
concentrator (AC). In the active discovery phase, the PPPoE client locates the AC (or PPPoE
server). After locating an AC, the PPPoE client establishes a PPP session.
When establishing a session, PPP options are negotiated and authentication is performed.
Once the session is completely established, the information from the client is sent across the
Ethernet network by encapsulating the PPP messages in unicast Ethernet packets. The session
ID enables the AC to determine to which client the PPP messages belong.
After configuration, the Security Appliance automatically connects to a service provider’s AC
without user intervention. By setting the MTU to 1492 bytes, the Security Appliance can
encapsulate PPPoE messages inside regular Ethernet frames by attaching PPPoE/PPP headers.
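The following added example (not part of the original text) parses the PPPoE header defined in RFC 2516, reading the session ID the AC uses to match frames to clients and checking the size limit behind the 1492-byte MTU: a 1500-byte Ethernet payload minus the 6-byte PPPoE header and the 2-byte PPP protocol ID. The MAC addresses, session ID and sample frame are constructed values, and the function names are illustrative.

```python
import struct

ETH_DISCOVERY = 0x8863   # EtherType for the active discovery phase (RFC 2516)
ETH_SESSION = 0x8864     # EtherType for the PPP session phase (RFC 2516)
ETH_MAX_PAYLOAD = 1500   # standard Ethernet payload size
PPPOE_HDR_LEN = 6        # ver/type, code, session ID, length
PPP_PROTO_LEN = 2        # PPP protocol ID, e.g. 0x0021 for IPv4
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS",
         0xA7: "PADT", 0x00: "SESSION"}

def pppoe_mtu():
    """Largest IP packet that fits one Ethernet frame after PPPoE/PPP headers."""
    return ETH_MAX_PAYLOAD - PPPOE_HDR_LEN - PPP_PROTO_LEN

def parse_frame(frame):
    """Parse an Ethernet frame carrying PPPoE; raise ValueError if malformed."""
    if len(frame) < 14 + PPPOE_HDR_LEN:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION):
        raise ValueError("not a PPPoE EtherType")
    vertype, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vertype != 0x11:
        raise ValueError("PPPoE version and type must both be 1")
    payload = frame[20:20 + length]      # ignores any Ethernet padding
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds captured data")
    info = {"phase": "discovery" if ethertype == ETH_DISCOVERY else "session",
            "code": CODES.get(code, hex(code)), "session_id": session_id,
            "src": src.hex(), "dst": dst.hex()}
    if ethertype == ETH_SESSION:
        if code != 0x00 or length < PPP_PROTO_LEN:
            raise ValueError("session frame needs code 0x00 and a PPP protocol ID")
        if length > pppoe_mtu() + PPP_PROTO_LEN:
            raise ValueError("PPP payload exceeds what one Ethernet frame carries")
        info["ppp_protocol"] = struct.unpack("!H", payload[:2])[0]
        info["ppp_payload_len"] = length - PPP_PROTO_LEN
    return info

def build_session_frame(dst, src, session_id, ppp_protocol, data):
    """Build a sample unicast Ethernet frame with PPPoE and PPP headers."""
    body = struct.pack("!H", ppp_protocol) + data
    hdr = struct.pack("!HBBHH", ETH_SESSION, 0x11, 0x00, session_id, len(body))
    return dst + src + hdr + body

# Constructed sample values (not from the original page)
AC_MAC = bytes.fromhex("02aabbccdd01")
CLIENT_MAC = bytes.fromhex("02aabbccdd02")
SAMPLE = build_session_frame(AC_MAC, CLIENT_MAC, 0x0042, 0x0021,
                             b"\x45" + b"\x00" * 19)
```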
The Security Appliance PPPoE Client can operate in environments that are using other
firewall features such as the following:
• NAT to or from the outside interface (or over a VPN)
• URL content filtering before transmission (to or from outside interface)
• Firewall rules on traffic before transmission to or from the outside interface (or over
a VPN)
If your ISP distributes certain configuration parameters, such as DNS and WINS, the Security
Appliance’s PPPoE Client can retrieve these parameters and automatically pass these
parameters to its Dynamic Host Configuration Protocol (DHCP) clients. You need to use the
dhcpd auto-config command on the Security Appliance to enable your DHCP clients to
receive the configuration parameters automatically from the PPPoE client.