Showing results for 
Search instead for 
Did you mean: 

ASA Site-to-Site VPN over Carrier Grade


Good Day,

I am switching Internet providers and the way it connects to my network is using Carrier Grade NAT on the network and they then distribute a publicly routable /27 via BGP. This works well for NATted and DMZ hosts however I am unable to get any point-to-point VPNs up between any of my offices and it looks like the cause is due to the ISP filtering UDP port 500.

Is there any way possible to have site-to-site LAN setup using a single ASA? I was thinking perhaps I could assign one of my public IPs to a loopback interface and then NAT that address to try and establish connectivity.

Any help would be appreciated

4 Replies 4

VIP Community Legend VIP Community Legend
VIP Community Legend

if the ISP filtering then you need to contract ISP for the requirement.

you can run the debug and see what error messages and failing cause before you contact ISP ?



***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World
VIP Mentor VIP Mentor
VIP Mentor

can you more elaborate what is private and what is public here in your topology.


I've attached a very basic diagram. 

Our ISP is providing connectivity via addresses and is publishing a default route to us via BGP neighborship, we are publishing our public network I have been unsuccessful in setting up a VPN tunnel through the provider network to one of my public IP addresses. I have a PC setup on a private LAN and can reach the Internet and I have been able to get a server up on a public address and I can access those services as well, the issue seems to be UDP/ESP related as connections over TCP appear to be fine.

This is why I was thinking that there is perhaps a way to encapsulate the tunnel on L3 of the network.

Thank you 

Here are the debugs. Sorry for the format but the server I'm working on has no clipboard,



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers