Solved: Re: Stati IP address

Aukerrhodes · ‎15-02-2011

Hello,

We have ordered 5 Static IP address along with our broadband connection.

Our intention is assign Static Public IP address to our watchguard firewall by configring BT supplied modem in bridged mode over ppoe.

I am getting Dynamic IP addresses (83.x.x.x) assigned to my connection every time, I restart my firewall.

IP address that I am getting is not from the static IP address pool that was assigned to us which is 217.37.x.x.

This is possibly because BT might have framed the Static Address to Router's MAC address.

Is there any way where in I could still use static IP address to my firewall while using the BT modem in bridged mode?

Thanks

a-hill · ‎15-02-2011

The peer address you're seeing is perfectly normal, the connecting device will always be assigned a dynamic IP, said device should then be configured with the multiple statics in a no-NAT setup to allow the IP's to work... generally the connecting device won't get one of your static range.

Depending on the firewall, you can usually assign the gateway address of your static range directly onto the WAN port of your firewall, as long as it can obtain the subnet and gateway automatically from the ISP... this will then be treated as a single static IP for your Watchguard. You would then set up the multiple statics on the LAN side of your Watchguard and disable NAT, then each device will be assigned with of of the IP range. If the Watchguard can run multiple subnets, you should be good to set up 1 to 1 IP mapping. On any normal set up however, the dynamic IP on your WAN port is normal and the advised set up.

*NOTE: This currently works due to policies in place on the Wholesale servers that allow it to work in this way, it's not a standard setup, and if the policies change and it stops working, there isn't really anything we can do about it.

View solution in original post

Redbull · ‎15-02-2011

Hi Aukerrhodes,

Multi-Statics are not my forte, however the NoNat-5 Product from BT supplies you 5 static Public IPs however your peer address is dynamiclly assigned and therefore each reboot/resync of the router could give you a different peer address.

To make your firewall work I believe you need to stop your router from assigning IP addresses (NAT) with the DMZ function and open ports to enable traffic to your firewall.

You then need to setup your firewall to control NAT on your network.

Hope this helps?

a-hill · ‎15-02-2011

The peer address you're seeing is perfectly normal, the connecting device will always be assigned a dynamic IP, said device should then be configured with the multiple statics in a no-NAT setup to allow the IP's to work... generally the connecting device won't get one of your static range.

Depending on the firewall, you can usually assign the gateway address of your static range directly onto the WAN port of your firewall, as long as it can obtain the subnet and gateway automatically from the ISP... this will then be treated as a single static IP for your Watchguard. You would then set up the multiple statics on the LAN side of your Watchguard and disable NAT, then each device will be assigned with of of the IP range. If the Watchguard can run multiple subnets, you should be good to set up 1 to 1 IP mapping. On any normal set up however, the dynamic IP on your WAN port is normal and the advised set up.

*NOTE: This currently works due to policies in place on the Wholesale servers that allow it to work in this way, it's not a standard setup, and if the policies change and it stops working, there isn't really anything we can do about it.

Aukerrhodes · ‎16-02-2011

Hello Redbull / a-hill,

Thanks for your help. I'll try your suggested sollution including DMZ options.