ASA 5505 Config Question

Unanswered Question
Jan 15th, 2010

Hi all,

I am new to Firewalling and I have a project that I need to implement at a customer's site. Here is the current network design:

   Customer's Site:

         ASA 5505 connected through customer's router

         Outsite Interface: IP 126.x.y.z

         Site-To-Stie IPSec VPN to ISR (Headquarter)

   Heaquarter ISR:

         ISR 2810

         Site-To-Site IPSec VPN to ASA5505

The customer will be replacing his data service provider and thus his router and that would cause us to lose the public IP 126.x.y.z; therefore, VPN tunnel to ISR. The customer mentioned that he would proivde us with a private IP address only. So, my question is; since the outside interface currently having a publich IP address of the ASA5505 will be gone, how should I configure the ASA5505 to re-establish the tunnel knowing that the ASA will be on the customer's switch and the outside interface will now have to be configured with a private IP address instead of ?

Thanks much for your help.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vilaxmi Sun, 01/17/2010 - 17:36


So you mean to say that, your customer is changing their ISP and they would get a new IP address range. You would need to get their firewall's outside ifc (public/private doesn't matter)  IP address, in order to re - establish the tunnel by changing the peer address on the 2810 router @ HQ.

I don't think, you can make the lan-to-lan tunnel work w/o the peer address..




This Discussion