Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can you create a site-to-site VPN without access to public IP?

My first thought was no, but I realize the ASA has many tricks... Here's the scenario.  Our HQ office has an ASA 5510 with full access to internal and external IP's.  We have a small group of remote users that are working from a shared office suite and they only have Internet access by way of internal default gateway.  Using a VPN client is not desirable due to many other devices requiring access to HQ.  Is there a way to create a site-to-site VPN from this remote office space back to HQ (ASA 5510) if they have no access to the public IP address on their end?

Thanks!

2 REPLIES

Can you create a site-to-site VPN without access to public IP?

Hi,

If you are coming via internet, you need to have a public ip (static/dhcp) in order to establish s2s vpn. Not to side track your questions, but even if there is a way to to do this, your shared office user traffic will be traversing through rest of the users traffic (till the point of encryption) and this is wil be a security risk.

Thx

MS

Can you create a site-to-site VPN without access to public IP?

Hi,

Both VPN endpoints must be able to reach each other.

In order words, basic connectivity is required.

Please keep us posted.

Thanks.

1361
Views
0
Helpful
2
Replies