Setting up Cisco VPN client on PIX

Posted on 2008-10-03
Last Modified: 2012-05-05
I have a Cisco PIX 515 in place at my office.  I average about 30-40 remote users daily.

Our current VPN connection is the Windows remote access server on a windows 2003 server.  

I would like to enable the vpn client on the PIX.  I have a site-to-site VPN enabled now between one other office.

What is the best/easiest way to enable the vpn client on the PIX and am I limited to the client vpn version for my users?

Question by:WPC479
  • 5
  • 2
  • 2
  • +1
LVL 18

Expert Comment

ID: 22637322
LVL 12

Accepted Solution

Pugglewuggle earned 125 total points
ID: 22638200
The PIX 515 should have plenty of power to handle 30-40 users. Just make sure you have a license for that number of users - you can check this by running the sh ver command. This number only applies to simultaneously connected users. Even if you have 500 users total, as long as the number that connect at the same time is the same or fewer than the licensed number you are good.
You can download the latest software for the PIX at the following link. I HIGHLY suggest you upgrade to the newest software before trying this as upgrading enables new features and fixes bugs.
Just make sure you have enough flash/RAM for the new software. I recommend the 8.0.4 version. It is very good.
As far as software goes, you will need to use the Cisco VPN Client. You can reach that from the same link above.
One other thing - when setting up the VPN make sure you use DH group 2  or the Cisco VPN Client won't work.
Cheers! Let me know if you have any questions!
LVL 79

Assisted Solution

lrmoore earned 125 total points
ID: 22643110
The easiest way is to use the vpn wizard in PDM GUI.
Best is to upgrade the PIX to version 8.0(4), ASDM 6.13 GUI, and then setup the vpn.
You are not limited to the Cisco VPN version, but the latest 5.x client works best with both XP and Vista. The client is free and there is no limit on how many users you can support.

@Pug - there is no user limit on 515 based on license.

@sk_raja_raja - we expect at least some explanation as to why you are posting a link, and what the user can expect to find in that link. Almost every answer to almost every question regarding Cisco product can be found at as long as you know exactly what to search for and have the skills to determine which option is most appropriate for the asker's question.
LVL 12

Expert Comment

ID: 22643210
Lol I guess I forgot to even mention the PDM even though I said to check the DH group 2 option in it. Thanks lrmoore!
My mistake on the PIX 515 license - thinking of the ASAs... funny how Cisco brought back the VPN user limit with the ASAs isn't it? You know they just lloooovvve those license fees.
Agreed with lrmoore on raja's post... wtf?

Author Comment

ID: 22643679
I will try upgrading because I am behind a bit on upgrades.  Then, I will look at the PDM

Thanks lrmoore and pugglewuggle.... I will post after all is done....
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 12

Expert Comment

ID: 22643727
kk! Just make sure you have enough RAM/flash!

Author Comment

ID: 22653130
I currently have the following on my PIX:

Version 6.3(3)
PDM Version 3.0(4)
Flash 16MB

Guess I can't go to 8.0

Can I set this up anyway and does it matter which VPN client I use, or are they all the same?
LVL 12

Expert Comment

ID: 22653363
you can't use 8.0... you need 64 MB for that.
Go ahead and use 7.2(4). It's a huge improvement over 6.x and it only needs 16MB of RAM.
LVL 79

Expert Comment

ID: 22654924
You need a RAM upgrade because you need 64MB RAM to run any version of 7 or 8.x
I bought a 32Mb stick for < $50
PIX515-MEM-32=   is the part number, just google it for a good price

Then you can run anything you want, including the latest 8.0(4)

Otherwise, you can upgrade what you have to 6.3(5) and PDM 3.14 which is still an improvement over what you've got.
Use almost any VPN client 4.x or 5.x

LVL 12

Expert Comment

ID: 22660962
Yes that's right - I meant 64MB RAM and 16MB flash.

Featured Post

ScreenConnect 6.0 Free Trial

Explore all the enhancements in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA inside & outside to same switch 3 42
Setup NAT/PAT question 3 42
Single PC won't comunicate across VPN 6 45
Vpn Server 2012 not working Draytek Vigor 2830 2 30
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now