cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
487
Views
4
Helpful
4
Replies

Remote VPN Tunnels with 2 pix 506

D0nprintup_2
Level 1
Level 1

I have two 506 PIX and I am attempting to get a Site-to-site VPN tunnel working.

The main site has a static IP

remote site is DHCP

Now I have the site to site tunnel working with a static config at the main site. The problem I am running into is the remote site is dhcp and the DSL provider they are using changes IP's very week or so. When this happens I have to log into the main site PIX and change the peer IP and isakmp address.

Is there a way i can setup a site to site tunnel with the remote site having a dynamic IP so I do not need to change the config of the PIX every time their IP changes?

4 Replies 4

JORGE RODRIGUEZ
Level 10
Level 10

Yes you can setup Static to dynamic L2L tunnel, the only requirements will be that the dynamic side will always be the initiator.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

Regards

Jorge Rodriguez

Cool

After reading it I beleive I need to upgrade my main pix to 7.0 code. it is still running 6.3

EDIT

Because I am running 506e I just read where you cannot update to 7. On the older PIX you need to be 515 or higher.

This sucks so I am back to square one.

Quote from link bellow PIX 501,PIX 506E, and PIX 520 are not supported in 7.x or above codes, you cannot upgrade these models to version 7. You must either have a PIX515/515E,525,535 for code 7.x or above..

You can still acomplish Static to Dynamic L2L vpn with your current 6.3 codes.. unless you are looking for a specific feature in 7.x then you must upgrade 501 to its upgrade model asa5505.. but again you can do what you need with 6.x.

http://www.cisco.com/en/US/customer/docs/security/pix/pix70/release/notes/pix_70rn.html#wp31988

Regards

Jorge Rodriguez

you can run 7.x code on the 506e, its just not supported by TAC. and if you load the pix7.x image there is no room for the asdm image.

see this thread:

http://www.dslreports.com/forum/remark,12923133~start=20

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: