11-08-2011 06:59 AM
We have been asked to create an L2L VPN connection to a local government customer.
The remote site cannot provide an external IP address to terminate the VPN on; the only "external" IP address they have is on the 10.x.x.x network. I have to assume that this is to facilitate communication within different authorities, but the network admin does not know how it will cross the rest of the secure network to get out to the internet.
We only require the far end to initiate the VPN link, so if I configured the VPN without a remote peer, would this work? I would assume so, but have always used static peers.
Regards
Tony
11-08-2011 08:09 AM
If they initiate the connection then yes it will work but the configuration will vary depending on what you are using. ASA?
11-08-2011 09:20 AM
Tony
What you describe is very similar to the situation where you are setting up a site to site VPN and one of the peers has a DHCP address. This is supported and does work. In general the key thing is to create a dynamic map entry which allows your device to accept a connection initiated from the remote device when your device does not already know the address of the remote peer. Assuming that the traffic from the remote device does get through their infrastructure and through whatever firewalls they may have without any issues (and without any changes) then it should work ok for you.
HTH
Rick
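The dynamic map approach described in the reply above, as an added example that is not part of the original thread. It assumes a Cisco IOS router as the responder (the thread does not say which platform is in use); every name, subnet, interface and the key are constructed placeholders.

```cisco
! Added example, assumed platform: Cisco IOS router acting as responder only.
! All names, subnets, the interface and the key below are placeholders.
!
! Phase 1 policy the remote initiator must match.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
! The peer address is unknown, so the pre-shared key cannot be bound to
! one peer IP. A wildcard key is accepted from any source address.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
!
! Phase 2 proposal.
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
!
! Traffic selectors: local LAN to remote LAN (placeholder subnets).
! Keeping this specific limits what an accepted tunnel can carry.
ip access-list extended VPN-REMOTE-LAN
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
!
! Dynamic map entry: no "set peer" line, so this device can only answer
! a negotiation started by the far end; it never initiates one.
crypto dynamic-map DYN-L2L 10
 set transform-set TS-AES256-SHA
 match address VPN-REMOTE-LAN
!
! Reference the dynamic map from the static crypto map at a high sequence
! number so that any static-peer entries are evaluated first.
crypto map OUTSIDE-MAP 65000 ipsec-isakmp dynamic DYN-L2L
!
! Apply the crypto map to the Internet-facing interface.
interface GigabitEthernet0/0
 crypto map OUTSIDE-MAP
```

A wildcard key admits any initiator that knows it, so use a long random key and keep the `match address` list narrow. If the remote 10.x address is translated on its way to the Internet, UDP 500 and UDP 4500 (IPsec NAT traversal) must be permitted along that path.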