pix1 was version 8
pix2 was version 6

I configured pix1 as per the version 7 tutorial, and configured pix2 as per
the version 6 tutorial.

I then made the following adjustments:

- adjusted the IP addressing on pix2 to match the network diagram in the
  version 7 tutorial

- adjusted the ipsec transform sets and isakmp policies on both pixes so that
  they matched. I went with a compromise between what I thought each could
  support (3des), but did not research this in depth; you can probably find
  other encryption standards in common between the two.

- adjusted things like session lifetime parameters to match on both units.


To test this configuration, I connected the outside interfaces on both PIXes
to a Cisco 1800 router. I connected them on the switchports, then started a
SPAN session to monitor (mirror traffic) from one of these ports onto a third
one, where I had a laptop running wireshark. Wireshark is able to decode many
of the ISAKMP negotiation packets, so it was reasonably easy to see when
something was mismatched and not connecting properly.

On the inside interfaces of each PIX, I had a computer with a local IP address
on the "inside" range for that PIX. I then attempted to ping the machine on
the other PIX, which (if everything is configured correctly) initiates the
tunnel.