Remote VPN Tunnels with 2 pix 506

Unanswered Question
Jul 7th, 2009

I have two 506 PIX and I am attempting to get a Site-to-site VPN tunnel working.

The main site has a static IP

remote site is DHCP

Now I have the site to site tunnel working with a static config at the main site. The problem I am running into is the remote site is dhcp and the DSL provider they are using changes IP's very week or so. When this happens I have to log into the main site PIX and change the peer IP and isakmp address.

Is there a way i can setup a site to site tunnel with the remote site having a dynamic IP so I do not need to change the config of the PIX every time their IP changes?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
D0nprintup_2 Tue, 07/07/2009 - 10:03

Cool

After reading it I beleive I need to upgrade my main pix to 7.0 code. it is still running 6.3

EDIT

Because I am running 506e I just read where you cannot update to 7. On the older PIX you need to be 515 or higher.

This sucks so I am back to square one.

JORGE RODRIGUEZ Tue, 07/07/2009 - 10:33

Quote from link bellow PIX 501,PIX 506E, and PIX 520 are not supported in 7.x or above codes, you cannot upgrade these models to version 7. You must either have a PIX515/515E,525,535 for code 7.x or above..

You can still acomplish Static to Dynamic L2L vpn with your current 6.3 codes.. unless you are looking for a specific feature in 7.x then you must upgrade 501 to its upgrade model asa5505.. but again you can do what you need with 6.x.

http://www.cisco.com/en/US/customer/docs/security/pix/pix70/release/notes/pix_70rn.html#wp31988

Regards

Actions

This Discussion