Re: ASA 5505 Config Question

skhirbash · ‎01-15-2010

Hi all,

I am new to Firewalling and I have a project that I need to implement at a customer's site. Here is the current network design:

Customer's Site:

ASA 5505 connected through customer's router

Outsite Interface: IP 126.x.y.z

Site-To-Stie IPSec VPN to ISR (Headquarter)

Heaquarter ISR:

ISR 2810

Site-To-Site IPSec VPN to ASA5505

The customer will be replacing his data service provider and thus his router and that would cause us to lose the public IP 126.x.y.z; therefore, VPN tunnel to ISR. The customer mentioned that he would proivde us with a private IP address only. So, my question is; since the outside interface currently having a publich IP address of the ASA5505 will be gone, how should I configure the ASA5505 to re-establish the tunnel knowing that the ASA will be on the customer's switch and the outside interface will now have to be configured with a private IP address instead of ?

Thanks much for your help.

Regards,

sK

vilaxmi · ‎01-17-2010

Hello,

So you mean to say that, your customer is changing their ISP and they would get a new IP address range. You would need to get their firewall's outside ifc (public/private doesn't matter) IP address, in order to re - establish the tunnel by changing the peer address on the 2810 router @ HQ.

I don't think, you can make the lan-to-lan tunnel work w/o the peer address..

HTH

Vijaya