Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Remote VPN Tunnels with 2 pix 506

I have two 506 PIX and I am attempting to get a Site-to-site VPN tunnel working.

The main site has a static IP

remote site is DHCP

Now I have the site to site tunnel working with a static config at the main site. The problem I am running into is the remote site is dhcp and the DSL provider they are using changes IP's very week or so. When this happens I have to log into the main site PIX and change the peer IP and isakmp address.

Is there a way i can setup a site to site tunnel with the remote site having a dynamic IP so I do not need to change the config of the PIX every time their IP changes?


Re: Remote VPN Tunnels with 2 pix 506

Yes you can setup Static to dynamic L2L tunnel, the only requirements will be that the dynamic side will always be the initiator.


Community Member

Re: Remote VPN Tunnels with 2 pix 506


After reading it I beleive I need to upgrade my main pix to 7.0 code. it is still running 6.3


Because I am running 506e I just read where you cannot update to 7. On the older PIX you need to be 515 or higher.

This sucks so I am back to square one.

Re: Remote VPN Tunnels with 2 pix 506

Quote from link bellow PIX 501,PIX 506E, and PIX 520 are not supported in 7.x or above codes, you cannot upgrade these models to version 7. You must either have a PIX515/515E,525,535 for code 7.x or above..

You can still acomplish Static to Dynamic L2L vpn with your current 6.3 codes.. unless you are looking for a specific feature in 7.x then you must upgrade 501 to its upgrade model asa5505.. but again you can do what you need with 6.x.



Re: Remote VPN Tunnels with 2 pix 506

you can run 7.x code on the 506e, its just not supported by TAC. and if you load the pix7.x image there is no room for the asdm image.

see this thread:,12923133~start=20

CreatePlease to create content