I would like to bring up a site-to-site VPN between 2 cisco routers. The difficult part is that one of them can only get an internet connection to its WAN port from another router. The upstream router is holding the public IP on its WAN port.
SiteA: 1811 router with address x.x.x.x. This address is fully routable/public ip
SiteB: 1841 router with address 192.168.0.x on its WAN port.
Is it possible to bring up a site-to-site VPN tunnel between the 1811 and the 1841? What is required of the router sittning between the 1841 and the internet?
Yes you can set up a site to site VPN where one of the routers has a dynamically assigned address. The key parts of making this work is that on the router with fixed address the crypto key is configured for address 0.0.0.0 and the crypto map is configured as a dynamic map. Also note that in this situation the router with fixed address can not initiate the connection, it must be initiated by the router with dynamic address.
This link sound very similar to what you describe and should be enough to get you going:
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...