Configure a PIX 501 or 506E as an Easy VPN Client
PIX Security Appliance Easy VPN Remote feature overview
NOTE:

At the initial release, the PIX Security Appliance 7.0 software will not be available for the 501 and 506E models. The configuration steps covered in this lesson are based on release 6.3.

Any PIX Security Appliance unit running version 6.2 or higher can be configured ass a Cisco Easy VPN Server or an Easy VPN Remote. Using the PIX as an Easy VPN Server lets the administrator configure the VPN policy in a single location on the Easy VPN Server. After configuring the VPN policy, Easy VPN Server can push VPN policy configuration to multiple Easy VPN Remote devices, which greatly simplifies configuration and administration.

When using PIX Security Appliance Software Version 6.2 and higher, a PIX 501 or PIX 506/506E can be used as an Easy VPN Remote device when connecting to an Easy VPN Server, such as a Cisco VPN 3000 Concentrator, Cisco IOS router, or another PIX . Easy VPN Remote device functionality, sometimes called a hardware client, allows the PIX to establish a VPN tunnel to the Easy VPN Server. Hosts running on the LAN behind the PIX can connect through the Easy VPN Remote without individually running any VPN client software.

Each Easy VPN Remote device is assigned to a group. The administrator use the vpngroup command to associate security policy attributes with a VPN group name. As Easy VPN Remote devices establish a VPN tunnel to the Easy VPN Server, the attributes associated with their group are pushed to the Easy VPN Remote device.

This lesson will focus on the Easy VPN Remote configuration for the client device.