Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 649
  • Last Modified:

Do I need a static IP address for my Cisco PIX 501?

I am going to replace my ATT DSL service with ATT U-Verse.  Currenty, I have a Cisco Pix 501 firewall and a Gigabit switch that connect less than a dozen computers and other ethernet devices to the Internet.  I currently have 5 static IP addresses assigned to my DSL service.  I got them so that I could run my own web server behind the firewall.  Since then, I've moved my web site to an external hosting service.  My Cisco Pix 501 is currently configured as follows:

name 192.168.1.1 pix_inside
name 999.999.999.248 pix_outside
ip address outside pix_outside 255.255.255.248
ip address inside pix_inside 255.255.255.0

Open in new window


When I switch to ATT U-Verse, do I still need a static IP address to support my Cisco PIX firewall appliance?  Please explain.
0
carlkelley
Asked:
carlkelley
  • 2
  • 2
  • 2
1 Solution
 
Ernie BeekExpertCommented:
If there are no services running anymore (like a webserver, email, etc) that require a static address that shouldn't be a problem. Even then you could use something like dyndns.
So you can use: ip address outside dhcp setroute in the setup, just remember that any incoming access list, outgoing nat has to have 'interface' in it instead of an public ip.
For axample the global: global (outside) 1 interface
0
 
CWCertus1Commented:
If you need to get to this firewall from external source i.e. for VPN or for remote management of your PIX, you could use a single static. Also, if there are no hosted services such as Web sites, webmail (OWA), exchange etc.

I would never consider Dynamic DNS services for a business (this will be controversial), it is just another possible point of failure and I do not consider it to be designed for business use. It is more designed for advanced home users with dynamic IP addresses. In fact most Business class internet services would have at least a single public IP.
0
 
carlkelleyAuthor Commented:
I will not be running any Internet services behind my firewall.  But, I will need to connect to various client machines via VPN for hours at a time.  

ATT will charge an additional $15.00 per month for a block of 8 static IP addresses.  You can't get just one.  Is a static IP address necessary for any VPN connection types ?
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
CWCertus1Commented:
If it is a VPN tunnel between 2 firewalls (Site to site connection) then you will need a static if not, you theoretically won't need one.

You will need to go with dynamic dns setup for the vpn otherwise you will continually be updating the IP address on your VPN connection.
0
 
Ernie BeekExpertCommented:
Even a site to site only requires on side to have a static address. So as long as the sites that you connect to have a static address, that shouldn't have to be a problem. It might require some reconfiguration on the tunnel(s) setup though.
0
 
carlkelleyAuthor Commented:
I appreciate the Pix configuration hints.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now