Solved: Anyone got an Cisco ASA working consistently.

ob123 · ‎13-08-2025

Hello all

BT, are in my area and I have signed up and have a new FTTP 900mb. So happy, super smooth installation. Over the 1st couple of days I setup the ASA and connected directly to the ONT, and setup the pppoe connection. All looked good, for the 1st 5-8hrs.. i also setup the thinkbroadband monitor and that worked and looked amazing sub 10ms ping. I started to notice 10-20% packet loss. Not continuous, but in spikes every couple of hours. At this stage things went downhill, the ip address is not static, I knew that but the freq of change was unreal.. at one stage the ip address changed three times on the same day. So that kinda render my board band monitor useless.

So.. started to debug the pppoe connection, and it looked like it was dropping, at the same time it knocked the internet off, for 3mins.. I suspect but I have no evidence this alligned to the ip address changes that I was also seeing on the wan.

swapped all the LAN cable and patch cables, no change. The asa cpu never went over 20% - ran speed checks in parallel cpu never went above 45%. No change.. still seeing packet loss but 10%… and internet dropping. Plan B, I updated the ASA with the bt hub MAC address and changed the pppoe log in to using the bt hub user name with psw BT. Packet loss dropped to less the. 5% but still disconnecting. Plan C which is now working, asa is connected to the bt hub via dhcp and bt hub is connected to the ONT. and I suspect is now double NATing, but it’s working ok and speed is 900mb I want to remove the the bt hub. Any got this to work with Cisco.

Man on a mission

ob123 · ‎15-08-2025

any thoughts? or is this another limitation. If anyone has had any success with any other enterprise firewall brand and FTTP from BT.. please do share.

Man on a mission

licquorice · ‎15-08-2025

What is the MTU set to on the Cisco.

ob123 · ‎22-08-2025

Hi licquorice

Outside (BT) 1492, inside 1500 (LAN).

Man on a mission

licquorice · ‎22-08-2025

You could try 1500, as far as I'm aware BT supports baby jumbo frames.

ob123 · ‎28-08-2025

Sorted... have been running now with no dropout or reconnections for over a week. If anyone has a cisco asa and is looking for a working configuration with FTTP & ONT and no BT Hub. Here was my solution...

ASA# config t
vpdn group pppoe_BT request dialout pppoe
vpdn group pppoe_BT ppp authenticate chap
vpdn group pppoe_BT localname bthomehub@btbroadband.com
vpdn username bthomehub@btbroadband.com password BT

interface GigabitEthernet0/0 // Or your outside interface name
ip address pppoe setroute
pppoe get default route

ASA ppp parameters
echo (no option to enable, cisco docs confirm on by default) keepalive (no option on ASA 9.14.2 5525x)

1. Clear any existing vpdn configurations, including any interface config that relate to pppoe
2. check the running config and confirm no ref to pppoe or vpdn groups
3. check again!
3. wr mem (save config)
4. Assuming you have a family all on the internet and they don't mind, reload the config (reboot ASA - belt and braces)- otherwise not required
5. Setup the VPDN configuration.

ASA# config t
vpdn group pppoe_BT request dialout pppoe
vpdn group pppoe_BT ppp authenticate chap
vpdn group pppoe_BT localname bthomehub@btbroadband.com
vpdn username bthomehub@btbroadband.com password BT

6 Setup the interface configuration (Outside)
config t
interface gig 0/0
nameif Outside
security-level 0
pppoe client vpdn group pppoe_BT
ip address pppoe setroute

7. Setup the MTU on the Outside interface
config t
mtu Outside 1492

8. FYIO NAT'ing using the interfaces. My looks like this : nat (Inside,Outside) source dynamic any interface

implement
9. Shutdown old interface to BT HUB..
10 Enable new interface Outside (No shutdown)
11. (reload) - this way i find sorts out the default routing - if any one knowns a cleaner way to do this via CLI show please share
12. while the ASA is reloading, shutdown the BT Hub, power down the ONT, wait 30sec and power up the ONT and disconnect the BT Hub

confirmation internet should be up and running. for troubleshooting

ASA# show vpdn ?

group Keyword to display group information
pppinterface Show ppp interface information
session Show session information
tunnel Show tunnel information
username Keyword to display user information

HomeASA# show vpdn group pppoe_BT
vpdn group pppoe_BT request dialout pppoe
vpdn group pppoe_BT localname bthomehub@btbroadband.com
vpdn group pppoe_BT ppp authentication chap

HomeASA# show vpdn session state

%No active L2TP tunnels

%No active PPTP tunnels

PPPoE Session Information (Total tunnels=1 sessions=1)

SessID TunID Intf State Last Chg
4884 2 Outside SESSION_UP 3229 secs

HomeASA# show vpdn pppinterface id 1

PPP virtual interface id = 1
PPP authentication protocol is CHAP
Server ip address is 999.999.999.999
Our ip address is 888.888.888.888
Transmitted Pkts: 32996, Received Pkts: 41893, Error Pkts: 3
MPPE key strength is None
MPPE_Encrypt_Pkts: 0, MPPE_Encrypt_Bytes: 0
MPPE_Decrypt_Pkts: 0, MPPE_Decrypt_Bytes: 0
Rcvd_Out_Of_Seq_MPPE_Pkts: 0

Man on a mission

Anyone got an Cisco ASA working consistently.

Re: Anyone got an Cisco ASA working consistently.

Re: Anyone got an Cisco ASA working consistently.

Re: Anyone got an Cisco ASA working consistently.

Re: Anyone got an Cisco ASA working consistently.

Re: Anyone got an Cisco ASA working consistently.