diff --git a/docs/guides/site-to-site-connectivity/end-customers.mdx b/docs/guides/site-to-site-connectivity/end-customers.mdx
index 9d96def32..48174bd10 100644
--- a/docs/guides/site-to-site-connectivity/end-customers.mdx
+++ b/docs/guides/site-to-site-connectivity/end-customers.mdx
@@ -186,7 +186,7 @@ The best way to disallow other uses of ngrok on your network is working with you
 
 Your vendor will configure their DNS to issue certificates for the custom address, such as `your-company.us.connect.your-vendor.com:443`. Then they’ll work with you to [reconfigure your ngrok agents](/docs/agent/ingress/) to utilize the custom ingress address.
 
-Your vendor can aluo work with ngrok to provision dedicated IPs for their custom ingress address.
+Your vendor can also work with ngrok to provision dedicated IPs for their custom ingress address.
 
 At this point, you can block the default agent ingress address at `connect.ngrok-agent.com:443`, which all agents use by default to connect outbound to ngrok’s network. This address resolves to a dynamic set of IP addresses, and blocking it at your network prevents any usage outside of this site-to-site connectivity use case in partnership with your vendor, such as developers utilizing ngrok to tunnel local development environments to the public internet.