07-07-2009 05:40 AM - edited 02-21-2020 04:16 PM
I have two 506 PIX and I am attempting to get a Site-to-site VPN tunnel working.
The main site has a static IP
remote site is DHCP
Now I have the site to site tunnel working with a static config at the main site. The problem I am running into is the remote site is dhcp and the DSL provider they are using changes IP's very week or so. When this happens I have to log into the main site PIX and change the peer IP and isakmp address.
Is there a way i can setup a site to site tunnel with the remote site having a dynamic IP so I do not need to change the config of the PIX every time their IP changes?
07-07-2009 05:46 AM
Yes you can setup Static to dynamic L2L tunnel, the only requirements will be that the dynamic side will always be the initiator.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
Regards
07-07-2009 10:03 AM
Cool
After reading it I beleive I need to upgrade my main pix to 7.0 code. it is still running 6.3
EDIT
Because I am running 506e I just read where you cannot update to 7. On the older PIX you need to be 515 or higher.
This sucks so I am back to square one.
07-07-2009 10:33 AM
Quote from link bellow PIX 501,PIX 506E, and PIX 520 are not supported in 7.x or above codes, you cannot upgrade these models to version 7. You must either have a PIX515/515E,525,535 for code 7.x or above..
You can still acomplish Static to Dynamic L2L vpn with your current 6.3 codes.. unless you are looking for a specific feature in 7.x then you must upgrade 501 to its upgrade model asa5505.. but again you can do what you need with 6.x.
http://www.cisco.com/en/US/customer/docs/security/pix/pix70/release/notes/pix_70rn.html#wp31988
Regards
07-08-2009 10:32 AM
you can run 7.x code on the 506e, its just not supported by TAC. and if you load the pix7.x image there is no room for the asdm image.
see this thread:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: