Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
279
Views
0
Helpful
1
Replies

VPN with private IP on external interface

huwyhuwy123
Level 1
Level 1

‎05-26-2011 02:35 PM

Hi there,

We'd to setup a site-site VPN between 2 ASA 5505s. The problem is that one of them is in a serviced office and has a private IP address on the external interface. The office company provides a 1-1NAT from one of their public IPs to the private IP (on the external interface of the ASA).

Obviously there will be a problem forming the tunnel to a private IP. Can you think of a way around this?

Cheers,

Huw

Labels:
0 Helpful
1 Reply 1

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-27-2011 12:36 PM

Hi there,

Indeed a VPN tunnel must be established between public IPs (if going through the Internet).

If the ASA at one side has a private IP, but the ISP provides a one-to-one static NAT, then you can terminate the tunnel at the public IP (NATed IP).

The requirement is that the ISP must redirect all traffic to your private IP (as it will do if having a static NAT).

Hope it helps.

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents