We have been asked to create an L2L VPN connection to a local government customer.
The remote site cannot provide an external IP address to terminate the VPN on; the only "external" IP address they have is on the 10.x.x.x network. I have to assume that this is to facilitate communication within different authorities, but the network admin does not know how it will cross the rest of the secure network to get out to the internet.
We only require the far end to initiate the VPN link, so if I configured the VPN without a remote peer, would this work? I would assume so, but have always used static peers.
What you describe is very similar to the situation where you are setting up a site-to-site VPN and one of the peers has a DHCP address. This is supported and does work. In general the key thing is to create a dynamic map entry which allows your device to accept a connection initiated from the remote device when your device does not already know the address of the remote peer. Assuming that the traffic from the remote device does get through their infrastructure and through whatever firewalls they may have without any issues (and without any changes), then it should work OK for you.
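The dynamic map entry described in the answer above, as an added example that is not part of the original thread. It assumes a Cisco ASA running 9.x with IKEv1 and a pre-shared key; the interface name, map and ACL names, subnets and key are placeholders.

```cisco
! Added example. Assumed platform: Cisco ASA 9.x, IKEv1, pre-shared key.
! All names, subnets and the key below are placeholders.
!
! Phase 1 policy. Ciphers and DH group must match what the remote site
! proposes and be supported by the software version in use.
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside
!
! Phase 2 transform set.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Traffic to protect: local LAN -> remote LAN. Keeping this narrow limits
! what a peer arriving from an unknown address can negotiate.
access-list L2L-DYN extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
!
! Dynamic map entry: there is no "set peer" line, so the ASA accepts a
! tunnel from any source address that completes authentication.
crypto dynamic-map DYN-L2L 10 match address L2L-DYN
crypto dynamic-map DYN-L2L 10 set ikev1 transform-set ESP-AES256-SHA
!
! Attach the dynamic map at the highest sequence number so existing
! static-peer entries (lower numbers) are always evaluated first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-L2L
crypto map OUTSIDE-MAP interface outside
!
! A peer with no matching tunnel-group falls into DefaultL2LGroup.
! The key here is the only thing authenticating the unknown peer,
! so use a long random value unique to this customer.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
!
! NAT traversal, needed if the initiator's 10.x address is translated
! somewhere on its way to the internet (keepalive interval in seconds).
crypto isakmp nat-traversal 20
```

Because the ASA cannot initiate toward a peer it has no address for, the tunnel only comes up when the remote site sends traffic matching its own side of the ACL.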