
PIX-to-PIX IPSec with Auto Tunnel Creation

Hello all,

We have one PIX 515 at our main office and one PIX 501 at our branch office.

We need an encrypted IPSec tunnel from our main office to our branch office for administrative purposes (data backup, remote assistance, etc.).

The problem is that our branch office connects to the internet via ADSL and the ISP doesn't provide a static IP address.

We have set up a dynamic IPSec connection between the two routers and it works fine, but the tunnel can be initiated only from the branch office and not from the main office. Once the tunnel is created, it works fine in both directions.

My question: is there a way for the PIX 501 to auto-initiate the IPSec tunnel? Or is there another way / setup to create an IPSec tunnel that will work in both directions? Perhaps using DDNS?

Best regards,



Re: PIX-to-PIX IPSec with Auto Tunnel Creation

All inbound sessions must be explicitly permitted by an access list or a conduit. The `sysopt connection permit-ipsec` command is used to permit all inbound IPsec authenticated cipher sessions. With IPsec protected traffic, the secondary conduit check can be redundant and cause the tunnel creation to fail. The `sysopt` command tunes various PIX firewall security and configuration features.
