08-27-2019 03:18 AM
Hi All
I need to set up a connection from a remote place to my head office.
The remote place runs on a home broadband router and has only 1 public IP. I could use an internal IP given by them,
for example: public IP is 104.1.1.1
private IP: 192.168.10.10
The remote place has only a basic broadband router, so it can do NAT from private IP to public IP.
Question is - can I set up a dynamic site-to-site VPN to my head office? (Can I use 192.168.10.10 on my firewall's external interface and initiate the tunnel to the head office public IP? The return traffic would go to the broadband router, which will NAT it back to my firewall in the remote place - will this work?)
Thanks,
08-27-2019 03:33 AM
Hi,
You don't state which hardware you are using, but I assume ASA. As long as you can NAT UDP 500/4500 from the broadband router to the private IP address of the FW, it should establish a VPN to the main site.
HTH
08-27-2019 05:09 AM
For quite some time now, NAT and VPNs have worked together. The spoke can be behind dynamic NAT/PAT, and the hub can be behind a static NAT, without limiting the functionality.
So in general, it will work. But based on the rest of the setup and the devices and software versions involved, there can be some challenges.
Just go on, and if you face some problems, ask again for help.
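The arrangement discussed in this thread, sketched as an ASA configuration. This is an added example, not posted by any participant. It assumes ASA 8.4 or later with IKEv1; the head office address 203.0.113.1, the LAN subnets, the map and ACL names and the pre-shared key are placeholders.

```cisco
! ===== Remote site ASA: outside = 192.168.10.10, behind the broadband router's PAT =====
! This side always initiates, so the ISP router needs no port forwarding.
! NAT exemption for the protected subnets is assumed to be configured already.
crypto ikev1 enable outside
! NAT-T: IKE moves to UDP 4500 and ESP is UDP-encapsulated once NAT is detected.
crypto isakmp nat-traversal 20
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 ! Add the strongest DH group that both software releases support.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Placeholder subnets: 10.20.0.0/24 = remote LAN, 10.10.0.0/24 = head office LAN.
access-list VPN-TO-HQ extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>

! ===== Head office ASA: outside = 203.0.113.1 (placeholder static public IP) =====
crypto ikev1 enable outside
crypto isakmp nat-traversal 20
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! Dynamic map: no "set peer", so the remote site's source address can be anything.
crypto dynamic-map DYN-MAP 65535 set ikev1 transform-set ESP-AES256-SHA
! Bind the dynamic map at the highest sequence number so static peers match first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
! Peers with an unknown address and a pre-shared key land on DefaultL2LGroup.
! Its key is accepted from any source address, so use a long random value
! (or certificate authentication) and rotate it if the remote device is lost.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
```

Because the head office side has no peer address configured, only the remote site can bring the tunnel up; traffic from the head office cannot start it.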
08-27-2019 05:19 AM
Sorry, it's a Cisco on both ends.
The issue is that the broadband (ISP) router is not capable of doing this, so I thought a dynamic tunnel would help, but can that work on an internal address that is NATed when it goes out through the broadband router?