We have recently moved to BT Infinity from another ISP. Our previous ADSL service offered us multiple static IP addresses and we used a Netgear router in bridged mode that forwarded all traffic to a Cisco PIX firewall. Our old ISP did not use PPPoE login, we plugged in configured the PIX and off we went - no problem.
The PIX handles VPN (Cisco), routing of traffic to a DMZ for FTP/WEB services, and to our internal network for Mail. The PIX is configured to statically route the public IP for the service to the DMZ or Internal IP as required. The PIX has been reconfigured to take account of the new address range/subnet supplied by BT.
Access out to the internet is not a problem and we understand that the 2701 acquires a dynamic IP and maps our public IP range to our PPPoE login.
What we cannot figure out (and we have read the BT Business Total Broadband Small Office Network Guide several times!) is how to configure the 2701 to forward all the IP address range traffic to the PIX without interfering with it. We have configured 2701 with the Public IP Address supplied by BT and modified the Firewall Pinholes etc. etc. but to no avail.
Having done some WEB research we have concluded that the 2701 may not fit our configuration but would like to hear from anyone who has our, or a similar, scenario working with BT Infinity.
If the 2701 turns out not fit for purpose alternative suggestions/configurations would be appreciated. We have seen some chat regarding the DrayTek Vigor 2850/2750 VDSL direct attach and 2920/2130 routers which may solve our problem?
Thank you, in advance, for any assistance offered.
A simplified current network diagram is below:
1 ACCEPTED SOLUTION
Accepted Solutions
Just to let you know it can work.
We ditched the BT 2701 and the Openreach modem replacing them with a Draytek Vigor 2750n VDSL2 router running Firmware v1.5.1. Very nice kit and you can see what is going on with your connection sync speeds, SNR levels etc. etc. You can also backup the configuration which is not possible on the 2701.
All required static IP's from our range are now being seen by the PIX which has the Vigor is the default route outside. When we do a What's My IP we see the PIX public fixed IP and not the variable BT WAN IP as before.
We have also tested another device with a spare public static IP from our range attached directly to the Vigor's switch along with the PIX and it routes fine.
With some help from the Draytek WEB site FAQ's our working set-up screens are as follows:
WAN - Multi-LAN Settings
These are advised on Draytek's WEB site.
WAN - Internet Connection Details
Account login details from the BT welcome letter.
LAN Setup
We left the NAT usage IP as default as we are not using it, disabled DHCP, enabled IP routing and entered the IP/SubnetMask supplied by BT.
Management Setup
To allow us to administer the router via the PIX firewall we enabled Remote Management using the PIX outside address in the Access List
Hi,
Afraid I can't help much with the PIX sied of things, but I can give you some feedback on Draytek!
We used had an ADSL line with a vigor2820vsn attached, and it was excellent. rock solid connection and plenty of features that might not be available on other ADSL routers.
Anyway, we have since upgraded to BT infinity, and the router (2701) they supplied was rubbish! Really slow to perform even basic functions like DHCP, interface etc etc. So we replaced it with a Vigor2850, its a direct connection, so the fibre modem can go in the bin too 
and its a solid as the 2820 we had.
The only issue I have encoutered, is a peculiar situation where PCs in my subnets cannot ping the address of the router (the subnets are sitting behind a L3 switch) the PCs have internet acess and can ping other pc son different subnets just not the router! I am currently investigating this, but I think its either a mis-config or a bug in the 285's firmware.
But other than that its great...
Just to let you know it can work.
We ditched the BT 2701 and the Openreach modem replacing them with a Draytek Vigor 2750n VDSL2 router running Firmware v1.5.1. Very nice kit and you can see what is going on with your connection sync speeds, SNR levels etc. etc. You can also backup the configuration which is not possible on the 2701.
All required static IP's from our range are now being seen by the PIX which has the Vigor is the default route outside. When we do a What's My IP we see the PIX public fixed IP and not the variable BT WAN IP as before.
We have also tested another device with a spare public static IP from our range attached directly to the Vigor's switch along with the PIX and it routes fine.
With some help from the Draytek WEB site FAQ's our working set-up screens are as follows:
WAN - Multi-LAN Settings
These are advised on Draytek's WEB site.
WAN - Internet Connection Details
Account login details from the BT welcome letter.
LAN Setup
We left the NAT usage IP as default as we are not using it, disabled DHCP, enabled IP routing and entered the IP/SubnetMask supplied by BT.
Management Setup
To allow us to administer the router via the PIX firewall we enabled Remote Management using the PIX outside address in the Access List
