Site to Site with ASA PFSense box behind a static nat
-
I was wondering if a site-to-site IPsec tunnel was possible with pfSense running behind a NATted ISP router, tunneling to an ASA with a public IP.
Example
PFSense Wan is 192.168.100.150 that has a static 1 to 1 nat to a public ip on the ISP router
PFsense Lan is 192.168.33.0/24
ASA has a public IP; inside 192.168.0.0/24.
Tunnel group and crypto map are pointed to the public IP of the ISP router that is NATted to the WAN IP on pfSense.
-
http://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS
enjoy
-
You may or may not get that to work on 1.2.x, depending on how well the router in front of pfSense handles IPsec passthrough.
2.0 has (or will have? not sure if it's 100% yet) NAT-T which will make the scenario you are describing work regardless.