Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

site-to-site vpn and vpn client

I have two locations that I need to connect using two pix firewalls. One location has a PIX515E [7.0(1)] and the other one has a PIX506E [6.3(5)]. I followed the Cisco examples to create a tunnel between the two sites but I'm unable to establish a tunnel.

Here are the the configurations. I replaced the external IP addresses with and (outside interfaces):

I realize that this will only work until the dynamically assigned public IPs change but that's ok for now. Perhaps someone can show me how to implement a permanent solution using hostnames instead of IP addresses. I can have dynamically updated hostnames using DynDNS.

Also, I need users to be able to use the Cisco VPN client to connect to the 515 site. They don't need to have access to the 506 site once they're connected.

Thanks! :)


Re: site-to-site vpn and vpn client


please follow the very well documented configuration example given in "Configuring IPSec Between Two PIXes With VPN Client 4.x Access" found at

This should answer your questions.

Hope this helps! Please rate all posts.

Regards, Martin

Community Member

Re: site-to-site vpn and vpn client

Thanks, but I'm running version 7.0 (totally different ballgame) and 6.3 on the other. As I already mentioned I already followed the Spoke-to-Spoke example almost literally - I just replaced the IP addresses with mine and added dhcpd configuration on the 6.3 side. It's not working. The only other difference that I can think of is that my external addresses are assigned dynamically.

CreatePlease to create content