Re: Problem in establishing Site to Site VPN between ASA 5525 an

karthick.elangovan · ‎12-06-2013

ASA 5525 has a Private IP address given by the ISP with Public pool provided - Internet from ASA is working fine .

RV220 end the Peer IP address is Public IP

Is it possible to terminate a IPsec site to site VPN on ASA which has a private ip address. please suggest.

jlmickens · ‎12-09-2013

The VPN is defined between two IP addresses normally. Private addresses don't route, so you can't define them in the VPN configuration. It's possible, I suppose, that if you defined the RV220 side to allow connection from the entire 5525 public pool and set it so that the 5525 end always initiated the connection, it might work, but I don't know for sure. Does the public pool belong to just you? If not, I'd talk to my ISP about getting a static NAT for your 5525.

karthick.elangovan · ‎12-10-2013

Thanks for the reply. I was also concluded the same. Just wanted to make sure if there is any other way to form a tunnel.....Also I would like to know whether the same can be setup using Site to Site IPSec VPN with Dynamic IP Endpoint. Bcoz RV220 has a static IP and we can give the peer IP as 0.0.0.0 0.0.0.0 so that it can accept connections from any public ip which requests to form a tunnel. If the parameters match it will form tunnel else will not. Will it works as the ISP does the Private to Public translations from the ASA end. Please advise.

Problem in establishing Site to Site VPN between ASA 5525 and RV220 (small business)