VPN between public IP & private IP


(Mustafa A) #1

Hi, is there any way to connect two sites together? For example, Site (a) and Site (b) can both reach the internet, but only site (a) has a public IP.


(Lazaros Agapides) #2

Hello Mustafa

In order for a site-to-site VPN to function, there must be IP connectivity between the two VPN devices. From my understanding, your question has to do with whether a VPN tunnel can traverse a NAT translation. For this situation, I’ve created the following topology:

In this case, Network A has a firewall that has a public IP while Network B has a firewall that has a private IP address. The second is behind a NAT router which provides access to the Internet.

For such a scenario, a VPN will not be able to traverse the NAT router unless it is configured correctly. The ASA devices have a feature called NAT Traversal (NAT-T), which is a set of mechanisms that allow such an arrangement. For more information about how NAT-T is configured, take a look at this Cisco documentation.

I hope this has been helpful!

Laz
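
The NAT detection step that NAT-T relies on (RFC 3947 NAT-D payloads), as an added Python example that is not part of the original posts or Cisco's code; it goes beyond the post by showing how the two IKEv1 peers discover the NAT router before moving IKE and ESP to UDP port 4500. The addresses, ports, cookies, function names and the choice of SHA-1 as the negotiated hash are all assumptions made for the example.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKEv1 cookies are 8 bytes each")
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def build_nat_d(cky_i, cky_r, src, dst):
    """Sender side: hash of the destination first, then of its own source."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, nat_d, pkt_src, pkt_dst):
    """Receiver side: compare the hashes with the addresses on the packet as it arrived."""
    local = nat_d[0] != nat_d_hash(cky_i, cky_r, *pkt_dst)
    remote = nat_d_hash(cky_i, cky_r, *pkt_src) not in nat_d[1:]
    return {
        "local_behind_nat": local,
        "remote_behind_nat": remote,
        # If either side is translated, both peers float to UDP 4500 and
        # wrap ESP in UDP so the NAT router has ports to track.
        "float_to_udp_4500": local or remote,
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
SITE_A_PUBLIC = ("198.51.100.1", 500)      # firewall with the public IP
SITE_B_PRIVATE = ("192.168.1.2", 500)      # firewall behind the NAT router
NAT_ROUTER_PUBLIC = ("203.0.113.10", 1024) # what Site A sees after translation

def site_a_view(translated):
    """Site B initiates; Site A checks the NAT-D payloads it receives."""
    nat_d = build_nat_d(CKY_I, CKY_R, SITE_B_PRIVATE, SITE_A_PUBLIC)
    seen_src = NAT_ROUTER_PUBLIC if translated else SITE_B_PRIVATE
    return detect_nat(CKY_I, CKY_R, nat_d, seen_src, SITE_A_PUBLIC)

if __name__ == "__main__":
    print("through NAT router:", site_a_view(translated=True))
    print("no translation:   ", site_a_view(translated=False))
```
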


(Mustafa A) #3

Thanks for your explanation, it was very helpful.