Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

L2L VPN without remote peer IP address

We have been asked to create a L2L vpn connection to a local government customer.

The remote site cannot provide an external IP address to terminate the VPN on, the only "external" IP address they have is on the 10.x.x.x network. I have to assume that this is to facilitae communication within different authorities, but the network admin does not know how it will cross the rest of the secure network to get out to the internet.

We only require the far end to initiate the VPN link, so if I configured the VPN without a remote peer, would this work? I would assume so, but have always used static peers.

Regards

Tony

2 REPLIES
Green

L2L VPN without remote peer IP address

If they initiate the connection then yes it will work but the configuration will vary depending on what you are using. ASA?

Hall of Fame Super Gold

L2L VPN without remote peer IP address

Tony

What you describe is very similar to the situation where you are setting up a site to site VPN and one of the peers has a DHCP address. This is supported and does work. In general the key thing is to create a dynamic map entry which allows your device to accept a connection initiated from the remote device when your device does not already know the address of the remote peer. Assuming that the traffic from the remote device does get through their infrastructure and through whatever firewalls they may have without any issues (and without any changes) then it should work ok for you.

HTH

Rick

301
Views
0
Helpful
2
Replies
CreatePlease to create content