SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Setup VPN site-to-site without Public IP

    Posted 08-24-2011 03:51

    Hello

     

    Is it possible to set up a VPN site-to-site connection without a public IP, using only a local IP? Some forwarding from a public IP to a local one? In one branch I don't have a public IP on our firewall, and I have to connect this branch with a VPN connection.

     

     

    Best regards

    luk

     

     



  • 2.  RE: Setup VPN site-to-site without Public IP

    Posted 08-24-2011 05:27

    If you want to establish a VPN over the internet, you need to have a public IP on both ends ...

    If you don't have any, enjoy 🙂

    Use TeamViewer software to remotely access your enterprise systems over the internet

     

    regards



  • 3.  RE: Setup VPN site-to-site without Public IP

    Posted 08-24-2011 07:41

    That should work, as long as the HQ has a public IP. You'd set NAT traversal, use FQDN to identify the branch firewall, and possibly set aggressive. I seem to remember NAT-T requires aggressive, but would need to look it up.

     



  • 4.  RE: Setup VPN site-to-site without Public IP

    Posted 08-24-2011 09:34
    Like another poster mentioned, as long as you have 1 public IP you can create a L2L VPN. You will just need to configure the VPN for aggressive mode on both the branch and home SRX. Why anyone would use TeamViewer for access to a corporate network is beyond me...


  • 5.  RE: Setup VPN site-to-site without Public IP

    Posted 08-29-2011 15:59

    Yeah it required aggressive mode.

     

    You can use FQDN on dynamic side if you have DYNDNS or similar.

     

    You can also use dynamic-user-at-hostname, i.e. an email address, as the ID for the dynamic end.  The disadvantage of this is that you will not be able to bring up the VPN from your head end.  But as long as you have a traffic generator on the remote end to keep the VPN up, this works just fine.  I've got over 100 VPNs set up this way.  Good for punching through customer firewalls W/O having firewall rules or a static IP.
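
The setup described in the replies above (aggressive mode, an identity instead of an IP address for the branch, tunnel brought up from the branch side), written out as an added Junos example that is not from any poster in this thread. Interface names, the HQ address 203.0.113.10, the identity branch1@example.net and all object names are constructed placeholders; st0 addressing, routes and security policies are site-specific and assumed to exist.

```junos
# ---- HQ SRX: has the public IP (constructed: 203.0.113.10 on ge-0/0/0.0) ----
# With IKEv1 pre-shared keys, main mode selects the key by peer IP address, so a
# peer with no fixed public IP is matched by its IKE ID in aggressive mode instead.
# Aggressive mode sends the ID in clear and exposes a PSK-derived hash to anyone
# who captures the exchange: use a long random key, unique per branch.
set security ike policy ike-pol-branch1 mode aggressive
set security ike policy ike-pol-branch1 proposal-set standard
set security ike policy ike-pol-branch1 pre-shared-key ascii-text "<PLACEHOLDER-long-random-psk>"
set security ike gateway gw-branch1 ike-policy ike-pol-branch1
# Identify the branch by user-at-hostname rather than by address
set security ike gateway gw-branch1 dynamic user-at-hostname "branch1@example.net"
set security ike gateway gw-branch1 external-interface ge-0/0/0.0
set security ipsec policy ipsec-pol-branch1 proposal-set standard
set security ipsec vpn vpn-branch1 bind-interface st0.0
set security ipsec vpn vpn-branch1 ike gateway gw-branch1
set security ipsec vpn vpn-branch1 ike ipsec-policy ipsec-pol-branch1
set interfaces st0 unit 0 family inet
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

# ---- Branch SRX: private address on ge-0/0/0.0, behind an upstream NAT device ----
set security ike policy ike-pol-hq mode aggressive
set security ike policy ike-pol-hq proposal-set standard
set security ike policy ike-pol-hq pre-shared-key ascii-text "<PLACEHOLDER-long-random-psk>"
set security ike gateway gw-hq ike-policy ike-pol-hq
set security ike gateway gw-hq address 203.0.113.10
# Must match the "dynamic user-at-hostname" value configured at HQ
set security ike gateway gw-hq local-identity user-at-hostname "branch1@example.net"
set security ike gateway gw-hq external-interface ge-0/0/0.0
# NAT-T is on by default (disabled only with no-nat-traversal); the keepalive
# interval in seconds keeps the upstream NAT mapping from expiring
set security ike gateway gw-hq nat-keepalive 10
set security ipsec policy ipsec-pol-hq proposal-set standard
set security ipsec vpn vpn-hq bind-interface st0.0
set security ipsec vpn vpn-hq ike gateway gw-hq
set security ipsec vpn vpn-hq ike ipsec-policy ipsec-pol-hq
# HQ cannot initiate toward a peer it has no address for, so the branch
# negotiates the tunnel as soon as the configuration is committed
set security ipsec vpn vpn-hq establish-tunnels immediately
set interfaces st0 unit 0 family inet
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
```

After commit, `show security ike security-associations` on the HQ side should list the branch with the NAT device's public address as the remote address.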