Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Site to site VPN and XAUTH

Head end PIX 525 (6.2)

Remote site PIX 501 (6.3) with DHCP assigned Outside IP

I have two requirements

1) to be able to VPN into remote PIX for support/trouble shooting (unless there's a better way to do it). The flaw with this is establishing the remote IP address but they don't change too often.

2) To authenticate using XAUTH against our ACS server.

Using the EzVPN setup I can achive 2 but not 1

Using the Site to Site setup I can achive 1 but not 2

Any ideas?


Re: Site to site VPN and XAUTH

With site to site configuration, you should be able to initiate a tunnel from the remote site PIX to your 525 but doing so in the other direction will not work. This is so because the central site PIX will not be aware of the remote endpoint address which is assigned dynamically. This would not permit you to initiate a tunnel for remote management. I guess using SSH would be a better idea. For more information you could refer to

CreatePlease to create content