07-02-2017 01:27 AM
I hope you can provide me with your feedback and comments.
We have a client that wants to set up a VPN for one location using a private IP address and the other location using a public IP address.
The first location is contacted through fiber, so we can reach it through L2, but for the second location we're going to build the tunnel through the internet using a public IP address.
Need help on that.
Thanks
07-03-2017 08:53 AM
Layth,
I am moving your post to the NGFW/Firewalls space for better visibility and access to feedback.
I hope this helps,
Kelli Glass
Moderator for Cisco Customer Communities
07-03-2017 02:51 PM
Thanks
07-05-2017 05:26 PM
This should be do-able - just set up a normal site to site VPN tunnel for the one that is reachable via a static IP address, and for the internet one use a dynamic crypto map entry as the last entry if the public IP address is going to change, like the configuration below:
ASA-to-ASA Dynamic-to-Static IKEv1/IPsec Configuration Example - Cisco
I'm assuming that you're doing this on the same interface, not 2 different ones. If it's 2 different interfaces then you'll have 2 different crypto maps (1 assigned to each interface), and if the public IP address for the peer changes, then use the dynamic crypto map option on the interface facing the internet.
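The single-interface layout described in the reply above, sketched as an added example (not part of the original post or of the linked Cisco document). It assumes ASA 8.4+ IKEv1 syntax, an interface named `outside`, and an IKEv1 policy that is already defined; every map name, ACL name, address and key is a constructed placeholder.

```cisco
! Added example; every name, address and key below is a constructed placeholder.
! Assumes ASA 8.4+ IKEv1 syntax and a single interface named "outside".

! Phase 2 proposal shared by both tunnels
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Traffic to protect toward the fixed-address site (local LAN -> remote LAN)
access-list VPN-SITE-A extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0

! Static entry: low sequence number, explicit peer address
crypto map OUTSIDE-MAP 10 match address VPN-SITE-A
crypto map OUTSIDE-MAP 10 set peer 172.16.0.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA

! Dynamic entry: no peer address, accepts tunnels the remote side initiates
crypto dynamic-map DYN-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto dynamic-map DYN-MAP 10 set reverse-route

! Reference the dynamic map with the highest sequence number so it is evaluated last
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP

! Only one crypto map can be bound to an interface
crypto map OUTSIDE-MAP interface outside
crypto ikev1 enable outside

! Fixed peer: tunnel group named after its IP address
tunnel-group 172.16.0.2 type ipsec-l2l
tunnel-group 172.16.0.2 ipsec-attributes
 ikev1 pre-shared-key <PSK-SITE-A>

! A peer with no matching tunnel group (the dynamic one) lands in DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <PSK-DYNAMIC-PEER>
```

With a dynamic entry the ASA can only respond, so the site whose address changes has to initiate the tunnel. The `DefaultL2LGroup` key is used for every peer that does not match a named tunnel group, so give it a unique, strong value and review which peers can reach it.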