Site to Site VPN between two ISPs

Thomas Summers
Beginner

I have a customer that is trying to set up a site-to-site VPN. I have checked my network and I am not blocking ports 500 and 4500. The customer's ASA is behind a cable modem with a static IP assigned. I am able to ping the outside interface of the ASA. The VPN session they are trying to set up will travel between the ISP I work for and another.

4 Replies

Richard Burts
Hall of Fame Guru

You have not given us much information to work with. You tell us that the customer has an ASA but do not tell us what you are running the VPN on. You talk about a customer and then say that the VPN is between two ISPs. Is the customer an ISP?

Are you seeing any sign of the ISAKMP packets attempting to negotiate the VPN? Can you supply some details of how you have configured your side of the VPN? Do you know any details of how the customer has configured their VPN?

HTH

Rick

The company I work for is an ISP, and the folks trying to get the site-to-site VPN working are a customer of my company in our service area as well as a customer of another ISP in their service area. I am trying to help out my customer. I do not have the configuration for their firewall. I am looking to see if anyone has done a site-to-site VPN with firewalls behind cable modems.

I have done a site-to-site VPN with a firewall behind a cable modem. As long as they have an assigned static IP, the VPN should be relatively straightforward, and I do not see that it makes any particular difference that it is behind a cable modem, other than the possibility that the provider might block the required ports.

Rick

kvaldelo
Beginner

Hi Thomas,

Do you know if the VPN head-end and remote-end have NAT-T enabled? I might think the modem could be NATing the firewall IP to something different. Remember, ESP packets can't be NATed unless encapsulated into UDP 4500 or having a no-NAT for that traffic.
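
The replies above ask two things of a capture taken outside the firewall: are ISAKMP packets visible, and is NAT-T (UDP 4500) in use rather than native ESP. The following is an added example, not code from any poster in this thread, that sorts packets into those categories; the function names are hypothetical and the sample packets are constructed.

```python
import struct

# Exchange type codes from RFC 2408 (IKEv1) and RFC 7296 (IKEv2)
EXCHANGES = {2: "IKEv1 Main Mode", 4: "IKEv1 Aggressive Mode",
             5: "IKEv1 Informational", 32: "IKEv1 Quick Mode",
             34: "IKE_SA_INIT", 35: "IKE_AUTH"}

def ike_summary(data):
    """Decode the fixed 28-byte ISAKMP/IKE header."""
    if len(data) < 28:
        return "truncated IKE header"
    _ispi, rspi, _np, _ver, exch, _flags, _mid, _len = struct.unpack(
        "!8s8sBBBBII", data[:28])
    # An all-zero responder SPI means the peer has not answered yet.
    role = "first packet from initiator" if rspi == bytes(8) else "responder SPI set"
    return EXCHANGES.get(exch, "exchange type %d" % exch) + ", " + role

def classify(ip_proto, port, payload):
    """Label one packet by IP protocol, UDP port and payload."""
    if ip_proto == 50:
        return "native ESP (IP protocol 50, no ports for PAT to translate)"
    if ip_proto != 17:
        return "not IPsec"
    if port == 500:
        return "IKE on UDP/500: " + ike_summary(payload)
    if port == 4500:
        if payload == b"\xff":               # one-byte keepalive (RFC 3948)
            return "NAT-T keepalive"
        if payload[:4] == bytes(4):          # non-ESP marker (RFC 3948)
            return "IKE on UDP/4500 (NAT-T): " + ike_summary(payload[4:])
        return "ESP in UDP/4500 (NAT-T), SPI 0x" + payload[:4].hex()
    return "not IPsec"

def make_ike(exch, rspi=bytes(8)):
    """Build a constructed IKE header for the sample capture."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, rspi, 1, 0x10, exch, 0, 0, 28)

# Constructed sample capture: (IP protocol, UDP port, payload)
SAMPLE = [
    (17, 500, make_ike(2)),                            # initiator's first packet
    (17, 500, make_ike(2, b"\x22" * 8)),               # responder has answered
    (17, 4500, bytes(4) + make_ike(2, b"\x22" * 8)),   # IKE floated to 4500
    (17, 4500, b"\xff"),                               # keepalive
    (17, 4500, bytes.fromhex("c0ffee01") + bytes(16)), # ESP-in-UDP data
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(*pkt))
```

If only the first kind of line ever appears, the peer is not answering on UDP 500; if IKE completes but only native ESP follows from a NATed site, NAT-T was not negotiated.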
