cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
471
Views
0
Helpful
4
Replies

Site to Site VPN between two ISPs

Thomas Summers
Level 1
Level 1

I have a customer that is trying to setup a site to site vpn.  I have checked my network and I am not blocking ports 500 and 4500.  The customers ASA is behind a cable modem with a static IP assigned.  I am able to ping the outside interface of the ASA.  The VPN session they are trying to setup will travel between the ISP I work for and another.   

4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

You have not given us much information to work with. You tell us that the customer has an ASA but do not tell us what you are running the VPN on. You talk about a customer and then say that the VPN is between two ISP. Is the customer an ISP?

Are you seeing any sign of the ISAKMP packets attempting to negotiate the VPN? Can you supply some details of how you have configured your side of the VPN? Do you know any details of how the customer has configured their VPN?

HTH

Rick

HTH

Rick

The company I work for is an ISP and the folks trying to get the Site to Site VPN working is a customer of my company in our service area as well as a customer to another ISP in their service area.  I am trying to help out my customer.  I do not have their configuration for their firewall.  I am look to see if anyone has done a Site to Site with Firewalls behind cable modems.

I have done a site to site VPN with firewall behind a cable modem. As long as they have an assigned static IP the VPN should be relatively straightforward and I do not see that it makes any particular difference that it is behind a cable mode., other than the possibility that the provider might block the required ports.

Rick

HTH

Rick

kvaldelo
Level 1
Level 1

Hi Thomas,

Do you know if the VPN head-end and remote-end have NAT-T enabled ? I might think the modem could be natting the firewall IP to something different remember ESP packets  cant be natted unless encapsulating into UDP4500 or having a no-nat for that traffic