Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix 501 pppoe gets dynamic IP Static IP Needed

I have a Pix 501 at a remote location and it requires a static IP for the concentrator.

The ISP account includes a block of static IP address but the ip address outside pppoe setroute command gives me a dynamic IP. I am told by the ISP that it can't be set statically and that the static IP addresses need to be added to the router and "exposed"..

I don't want to use any static IP's inside I just need the Pix to have a static IP in addition to the dynamic one that it gets from pppoe.

The following configuration is currently working as I have the dynamic IP in the concetrator but should the IP change they will loose connection to the home network.

Is there a solution for this????

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password **************** encrypted

passwd ******************** encrypted

hostname HostName

domain-name domainname

fixup (lots of fixup stuff here)


access-list (lots of access list stuff here)

access-list out_in permit icmp any any echo-reply

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside pppoe setroute

ip address inside

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 100

nat (inside) 1 0 0

access-group out_in in interface outside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto map vpnmap 10 ipsec-isakmp

crypto map vpnmap 10 match address 101

crypto map vpnmap 10 set peer

crypto map vpnmap 10 set transform-set vpnset

crypto map vpnmap 20 ipsec-isakmp

crypto map vpnmap 20 match address 102

crypto map vpnmap 20 set peer

crypto map vpnmap 20 set transform-set vpnset

crypto map vpnmap interface outside

isakmp enable outside

isakmp key ******** address netmask

isakmp key ******** address netmask

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

telnet inside

telnet timeout 5

ssh outside

ssh timeout 60

console timeout 0

vpdn group GroupName request dialout pppoe

vpdn group GroupName localname LocalName

vpdn group GroupName ppp authentication pap

vpdn username UserName password Password

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain DomainName

dhcpd enable inside

terminal width 80

New Member

Re: Pix 501 pppoe gets dynamic IP Static IP Needed

I had the same problem with Bellsouth DSL. My solution was to purchase a Netopia Wireless Router from them ($100), configure it and basically passthrough the static IP block to my PIX. The device was easy to configure and it has worked fine since then. It gets a dynamic IP on it's WAN interface but exposes/passthrough the static block to my PIX. eg. My block Netopia Wan (DHCP using PPPOE), Netopia LAN, PIX outside route outside

Hope this helps!