One of our customers has a strange fiber internet connection. Basically, I have to assign an IP address to the physical WAN interface (X.X.X.2/30) which I can’t use for anything. I have another scope of usable IP addresses, Y.Y.Y.1/29, but if I assign IP address Y.Y.Y.2 to my WAN interface without assigning X.X.X.2, everything works perfectly fine for a few hours and then stops. The ISP told me I have to get this strange IP on the physical interface. Before, I used a Cisco router and was able to assign X.X.X.2 as secondary and Y.Y.Y.2 as primary IP, and everything was working perfectly fine. However, now I’m changing the firewall to a Cisco ASA, and as far as I know there is no way to assign two IPs to one physical interface.
Eventually I ended up assigning X.X.X.2 to the WAN and I used Y.Y.Y.2 as NATted IP addresses. Everything is working (more or less) apart from VPN. I'm stuck on it, as it looks like the VPN connection is using the IP physically assigned to the interface, which in my case cannot be used. Is there any way to set up VPN using another IP address from the Y.Y.Y.1/29 pool? Perhaps somebody had a similar issue and resolved it somehow?
An option might be to keep the router with the x.x.x.2 IP on the WAN facing side and then place the ASA behind the router and NAT y.y.y.1 to the ASA and use that IP for site to site.
On the ASA, VPNs are always terminated on the interface IP. Why can't you use X.X.X.2 for your VPN?
What is so strange with the outside IP? Is it a private IP? What do you mean when you say "it just simply doesn't work"? Do you have any other NAT statements for the outside interface?