Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

site-to-site vpn and vpn client

Unanswered Question
Feb 14th, 2006
User Badges:

I have two locations that I need to connect using two pix firewalls. One location has a PIX515E [7.0(1)] and the other one has a PIX506E [6.3(5)]. I followed the Cisco examples to create a tunnel between the two sites but I'm unable to establish a tunnel.

Here are the the configurations. I replaced the external IP addresses with and (outside interfaces):



I realize that this will only work until the dynamically assigned public IPs change but that's ok for now. Perhaps someone can show me how to implement a permanent solution using hostnames instead of IP addresses. I can have dynamically updated hostnames using DynDNS.

Also, I need users to be able to use the Cisco VPN client to connect to the 515 site. They don't need to have access to the 506 site once they're connected.

Thanks! :)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mheusinger Tue, 02/14/2006 - 15:17
User Badges:
  • Green, 3000 points or more


please follow the very well documented configuration example given in "Configuring IPSec Between Two PIXes With VPN Client 4.x Access" found at


This should answer your questions.

Hope this helps! Please rate all posts.

Regards, Martin

ph0enix Tue, 02/14/2006 - 17:16
User Badges:

Thanks, but I'm running version 7.0 (totally different ballgame) and 6.3 on the other. As I already mentioned I already followed the Spoke-to-Spoke example almost literally - I just replaced the IP addresses with mine and added dhcpd configuration on the 6.3 side. It's not working. The only other difference that I can think of is that my external addresses are assigned dynamically.


This Discussion