Link to home
Create AccountLog in
Avatar of Alex Moffitt
Alex MoffittFlag for United States of America

asked on

ASA 5505 Site to Site VPN Endpoints

I am having a problem with a site to site VPN stomping on some web traffic from the same client.  Here is a rundown and my problem.  I have an ASA 5505 using the following IP:

x.x.x.144/28 - The outside interface is set to x.x.x.145

The client has a site to site with us using x.x.x.145 as the endpoint, so the firewall on their end drops all unencrypted data from that IP.  The problem is that all web traffic from the site comes from x.x.x.145 and they have an external production website that no one from our office can access.

I know what I need to do, I need to either change the outgoing internet traffic IP or change the endpoint of the site to site tunnel (preferred).  The problem is that through all of my research there seems to be no way to set or change the endpoint IP on the ASA.  Is this the case?  It seems very odd to me as I am used to using WatchGuards and Fortigates where you have to specify both endpoints.  Can I just use any of my addresses from 145-158 or what?
Avatar of pgolding00
Flag of Australia image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Alex Moffitt


That's disappointing.  At every turn I am unable to do the tasks I need to accomplish with this device.  I tried to get my company to switch to watchgaurd's but they don't want to spend the little bit of cash it would take to do it.