nainasipra
asked on
is it possible to make VPN between two site offices without leased line or static ip ?
Dear Experts,
I have 100mbps, 100 mbps broadband PPPoE connections on both offices. Is it possible to make a VPN connection using these connections, without having leased line or public IP?
I have Router 2801 on one site and other site i have ASA 5510.
Well, if you have an internet connection you should have a public ip ;)
As long as one of the two has a static (public) ip address that should be possible. Keep in mind though that in that case you can only initiate the VPN from the site that has a dynamic ip to the site that has a 'static' ip. If you want to be able to set up (initiate) a VPN from either site, then both need to have a static public ip.
The hardware you have should be quite capable of doing that :)
As long as one of the two has a static (public) ip address that should be possible. Keep in mind though that in that case you can only initiate the VPN from the site that has a dynamic ip to the site that has a 'static' ip. If you want to be able to set up (initiate) a VPN from either site, then both need to have a static public ip.
The hardware you have should be quite capable of doing that :)
ASKER
dear erniebeek:
with pppoe connection i have public ip but its dynamic ip not static.
so is there no way to make vpn with dynamic ip or using pppoe kind of internet connection?
with pppoe connection i have public ip but its dynamic ip not static.
so is there no way to make vpn with dynamic ip or using pppoe kind of internet connection?
Your ISP can make PPPOE into a static as very modest cost. That would be the way for one end.
... Thinkpads_User
... Thinkpads_User
Well, to set up a site to site vpn you atleast need one static public ip :-~
Don't now where thinkpads_user lives, but at my place it isn't that cheap to get a static public :-((
It might be an idea though to check with your ISP to see if it is possible to get a static ip (or two, at both sides). That would make things a lot easier.
Don't now where thinkpads_user lives, but at my place it isn't that cheap to get a static public :-((
It might be an idea though to check with your ISP to see if it is possible to get a static ip (or two, at both sides). That would make things a lot easier.
Where I am, cheap business internet (dynamic) is about $50 monthly; making it static is about $85 monthly. Those numbers are about 2 years old. ... Thinkpads_User
ASKER
but for static ip i have to apply for leased line not pppoe and leased line cost is to much even 1mbps leased line is costly than pppoe 100mbps . may i have static seperate and can use with pppoe 100mbps connection?
ASKER
I am in UAE and here also it isn't that cheap to get a static public :-((
How often does the IP address at either end change? You can test setting one end up as static, put in the current IP and see if it maintains connection. If it changes daily, that is obviously too much. If it changes every 6 months, that may be workable. ... Thinkpads_User
He might have a point there.
Over here (netherlands, europe) I have a 'dynamic' public ip. However, as long as I keep my firewall up and running (without turning it of for longer than a week) I keep the same ip. It might be worth a try to see how long an IP at your place 'holds'.
Over here (netherlands, europe) I have a 'dynamic' public ip. However, as long as I keep my firewall up and running (without turning it of for longer than a week) I keep the same ip. It might be worth a try to see how long an IP at your place 'holds'.
ASKER
ok suppose if dynamic public ip will work for longs hours. what will be the process to configure it.
current scanerio:
internet line(dynamic PPPoE 100mb) going to router(linksys WRT320N) WAN port and lan port of that router is connected with LAN network. and this linksys router is my gateway for my TMG and for all network users' gateways is TMG Server.
what will be next scanerio if i will use ASA5510/Cisco2801 for VPN.
Should i connect this internet line direct with Router2801 and configure PPPoE user/password on that router and this router will act as gateway for my TMG?
or something else???
current scanerio:
internet line(dynamic PPPoE 100mb) going to router(linksys WRT320N) WAN port and lan port of that router is connected with LAN network. and this linksys router is my gateway for my TMG and for all network users' gateways is TMG Server.
what will be next scanerio if i will use ASA5510/Cisco2801 for VPN.
Should i connect this internet line direct with Router2801 and configure PPPoE user/password on that router and this router will act as gateway for my TMG?
or something else???
Connect your Cisco 2801 to the internet modem and configure the Cisco 2801 as a static connection to your modem (you still need userid and passord, but see if you can assign an IP to the connection). If not, make a note of what the IP is for later use.
Now connect your network to the Cisco 2801. You don't need the LinkSys unless you want to make it a dumb wireless device (no DHCP and internally statically connected to the LAN) for wireless use. It is no longer part of the equation. .... Thinkpads_User
Now connect your network to the Cisco 2801. You don't need the LinkSys unless you want to make it a dumb wireless device (no DHCP and internally statically connected to the LAN) for wireless use. It is no longer part of the equation. .... Thinkpads_User
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dear Erniebeek,
if i will make pppoe connection then i need pppoe static public ip to configure vpn connection. to get the static public ip pppoe i need to run "show ip address outside pppoe" command.
but without Output Interpreter i can't run this command. and when i went to cisco site to download this additional service i were not able to download because their requirements are:
Purchase Direct from Cisco
Requires: Valid Purchase or Sales Order Number and Customer Number
Customer of a Cisco Certified Partner Initiated Customer Access [PICA] Partner
Requires: PICA Registration Number and Verification Key
You are a Cisco Certified Internetwork Expert [CCIE User]
Requires: CCIE Certification
My company purchased this product long time ago and they don't have any purchase number, 2nd we are cisco certified parter, 3rd i am not ccie.
Please help me to see the public ip of PPPoE connection.
thanks
if i will make pppoe connection then i need pppoe static public ip to configure vpn connection. to get the static public ip pppoe i need to run "show ip address outside pppoe" command.
but without Output Interpreter i can't run this command. and when i went to cisco site to download this additional service i were not able to download because their requirements are:
Purchase Direct from Cisco
Requires: Valid Purchase or Sales Order Number and Customer Number
Customer of a Cisco Certified Partner Initiated Customer Access [PICA] Partner
Requires: PICA Registration Number and Verification Key
You are a Cisco Certified Internetwork Expert [CCIE User]
Requires: CCIE Certification
My company purchased this product long time ago and they don't have any purchase number, 2nd we are cisco certified parter, 3rd i am not ccie.
Please help me to see the public ip of PPPoE connection.
thanks
'but without Output Interpreter i can't run this command'
? Not sure what you mean. You should be able to just give the command at the prompt...
Otherwise, just use a machine behind the firewall and browse to: www.whatismyip.com
? Not sure what you mean. You should be able to just give the command at the prompt...
Otherwise, just use a machine behind the firewall and browse to: www.whatismyip.com
However, it will be vastly superior and not expensive to make one end truly static and then you will not have any issues. .... Thinkpads_User