Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1642
Views
4
Helpful
3
Replies

Setting up multipoint VPN site to site Cisco ASA 5505 using Private and public IP addresses

Laith7640
Level 1
Level 1

‎07-02-2017 01:27 AM

I hope you can provide me your feedback and comments

We have client that want to set up VPN for one location using Private IP address and the other location using Public IP address.

First location contacted through Fiber so we can reach it through L2 but the second location we're going to build the tunnel

through the internet using Public IP address

Need help on that.

Thanks

Labels:
3 Replies 3

Kelli Glass
Community Manager
Community Manager

‎07-03-2017 08:53 AM

Layth,

I am moving your post to the NGFW/Firewalls space for better visibility and access to feedback.

NGFW/Firewalls

I hope this helps,

Kelli Glass

Moderator for Cisco Customer Communities

Jason Gervia
Cisco Employee
Cisco Employee

‎07-05-2017 05:26 PM

This should be do-able - just set up a normal site to site VPN tunnel for the one that is reachable via a static IP address, and for the internet one use a dynamic crypto map entry as the last entry if the public IP address is going to change, like the configuration below:

ASA-to-ASA Dynamic-to-Static IKEv1/IPsec Configuration Example - Cisco

I'm assuming that you're doing this on the same interface, not 2 different ones.  If it's 2 different interfaces then you'll have 2 different crypto maps (1 assigned to each interface), and if the public IP address for the peer changes, then use the dynamic crypto map option on the interface facing the internet.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card