Should I use static or Dyn routing for 2 site using P2P T1?

Ok Expert Fam I got a good one this week.

Here it is.  
2 Networks that are connected via P2P T1.  Each Site has a 2611XM
FE0/0 /24
FE0/1 65.X.X.1
S/0 /30

There is Firewall on LAN A side
PIX 506E
E0/0 205.X.X.1

FE0/0 /24
S0/0 /30
Router will serve up DHCP

Here is the Need
All Traffic needs internet access
All 192 168.2.0 traffic on the far end needs internet access
Need to make sure that firewall still does the job of protection.
Should I use dyn. routing protocol or static routing?  
Here is the Config I have so far

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname XXXXXXXX
enable secret 5 $1$NA2L$nQ6ZbzfFGt1GEDo1ZuZik1
enable password
ip subnet-zero
interface FastEthernet0/0
 ip address
 speed auto

interface Serial0/0
 nterface Serial 0/0
 no shutdown
 description connected to XXXXXX
 service-module t1 clock source line
 service-module t1 data-coding normal
 service-module t1 remote-loopback full
 service-module t1 framing esf
 service-module t1 linecode b8zs
 service-module t1 lbo none
 service-module t1 remote-alarm-enable
 ip address
 encapsulation ppp

interface FastEthernet0/1
 ip address 205.X.X.80
 speed auto
ip classless
ip http server
ip pim bidir-enable
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community RO
line con 0
line aux 0
line vty 0 4

I need help in making in sure these 2 sides to talk to one another.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If I am correct in assuming that subnet is routed to then to firewall and out, then I'd say that you should setup static route records for the network.  Unless you have a relatively large network with lots of subnets (eg 4 or more routers), static should be adequate (as long as you dont plan on changing your network architecture too much.  Besides, if you enable Dynamic routing, your network will have to deal with RIP routing updates flying around.  Dynamic is easier to maintain though.  I think it comes down to how much time you have and if your network can stand another device (or 2) sending update packets out.

Static= little harder to configure, medium difficulty to maintain, requires less network overhead.
Dynamic= easier to startup, easier to maintain, requires more network overhead.
Assuming your setup is something like this:

Internet ->PIX-->LANA-->router-->T1-->router-->LANB

All you need on LANB router is a static default, all users on LANB point to the router as their default gateway (192.168.2.x):
ip route

On LANA router, you need a route to LANB and a default to the PIX:
ip route
ip route

All users on LANA point their default gateway to the routers E0 address:

Make sure the PIX is setup also with a route back to
route inside

and make sure this subnet is included in the nat (inside) statement...

deasemAuthor Commented:
The only other question I have is
If I point all users to to the E0 on the Router to be the default gateway,  then at what point will the 192.168.1.X users get NATed when they try to get out to the internet.

so  I guess I'm going to have something like this
ip route
ip route

ip route

route inside
nat (inside) 1 0 0
nat (inside) 1 0 0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

>at what point will the 192.168.1.X users get NATed when they try to get out to the internet.
When they go out through the PIX..
UserPC - defaults to router IP
Router defaults to PIX
Router will "redirect" local traffic to the PIX for anthing other than the networks it knows about
Router will "route" remote traffic to the PIX for any destination not local

You got it on the configs...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Irmoore has it:

Say PC 192.168.1.x wants (

192.168.1.x Asks Router1 "Can you send this request to"
Router1 thinks "I dont know where that is, so I'll send it to my default route, Router2"
Router1 asks Router2 "Can you send this request to for me?
Router2 says "That's not any of my listed subnets, I'll send it to my default route"
Router2 asks Firewall "can you send this to"
Firewall says sure, and sends it out, where the routerjumping process continues until a router knows how to connect to, and then retrieves info and sends it back the path it came in on.

As long as each default gateway points towards the right device, you should be golden

*This was an oversimplified explanation.
deasemAuthor Commented:
You guys are the best.  Thanks again.  I can't wait until tomorrow to get this thing off the ground.  On last thing.  
if you anybody can answer this.
Since I have the firewall, there is no need for me to place any access-list on the router unless i want to block from network?

Thanks again
You can use an access-list on the router, but it's not really necessary unless you want to restrict these two subnets from talking to each other...

Unless you mean the router in front of the PIX. In  that case, you can if you want. I have a whole list of AsiaPAC subnets blocked at the router so my firewall never has to deal with them..
deasemAuthor Commented:
Thats about it.. Thanks again for your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.