cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1811
Views
4
Helpful
3
Replies

Setting up multipoint VPN site to site Cisco ASA 5505 using Private and public IP addresses

Laith7640
Level 1
Level 1

I hope you can provide me your feedback and comments

We have client that want to set up VPN for one location using Private IP address and the other location using Public IP address.

First location contacted through Fiber so we can reach it through L2 but the second location we're going to build the tunnel

through the internet using Public IP address

Need help on that.

Thanks

3 Replies 3

Kelli Glass
Community Manager
Community Manager

Layth,

I am moving your post to the NGFW/Firewalls space for better visibility and access to feedback.

NGFW/Firewalls

I hope this helps,

Kelli Glass

Moderator for Cisco Customer Communities

Jason Gervia
Cisco Employee
Cisco Employee

This should be do-able - just set up a normal site to site VPN tunnel for the one that is reachable via a static IP address, and for the internet one use a dynamic crypto map entry as the last entry if the public IP address is going to change, like the configuration below:

ASA-to-ASA Dynamic-to-Static IKEv1/IPsec Configuration Example - Cisco

I'm assuming that you're doing this on the same interface, not 2 different ones.  If it's 2 different interfaces then you'll have 2 different crypto maps (1 assigned to each interface), and if the public IP address for the peer changes, then use the dynamic crypto map option on the interface facing the internet.

Review Cisco Networking for a $25 gift card