Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
0
Helpful
2
Replies

question about site to site vpn(one site is public address,the other site is private address)

chen.jeff
Community Member

‎09-24-2010 09:01 PM

network environment is that:

ASA ----- Internet -------C2811

ASA connect Internet by ISP (special line), and  has an fixed public address(eg: 221.x.x.x)

C2811 connect Internet by ISP (ADSL line), it will dial by PPP, and is assigned an private address.(eg:10.x.x.x, address is not fixed)

The private address will NAT by ISP to access Internet. (global public address is not fixed also)

Now we need create site to site vpn, between ASA and C2811. How to do it?  Thank you very much.

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-25-2010 12:23 AM

You can configure dynamic to static site-to-site vpn tunnel.

Here is the sample configuration for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

Hope that helps.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Jennifer Halim

‎09-25-2010 03:12 PM

As I read the original post I believe that there are 2 parts to the requirements. One part is the establishing of VPN between a dynamic address and a static address. The first response gives a good solution for that. But the second part is that the dynamic address is in private address space and will be translated by the provider on the way out. I wonder if translation of the source address will make problems in verifying the encrypted packet at the receiving ASA?

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents