Netgate Discussion Forum

    Site to Site with ASA PFSense box behind a static nat

    • ns1113

      I was wondering if a site-to-site IPsec tunnel was possible with pfSense running behind a NATed ISP router, tunneling to an ASA with a public IP.

      Example
      pfSense WAN is 192.168.100.150, which has a static 1-to-1 NAT to a public IP on the ISP router
      pfSense LAN is 192.168.33.0/24
      ASA has a public IP, inside 192.168.0.0/24. Tunnel group and crypto map are pointed to the public IP of the ISP router that is NATed to the WAN IP on pfSense.

      • mst

        http://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS

        enjoy

        • jimp Rebel Alliance Developer Netgate

          You may or may not get that to work on 1.2.x, depending on how well the router in front of pfSense handles IPsec passthrough.

          2.0 has (or will have? not sure if it's 100% yet) NAT-T which will make the scenario you are describing work regardless.

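How NAT-T notices the NAT in the scenario from this thread, as an added example that is not part of any poster's reply: each IKE peer sends RFC 3947 NAT-D hashes of the addresses it believes are in use, and the receiver compares them with the addresses actually seen on the packet. The two public addresses and the IKE cookies are constructed placeholders (the thread gives only the private addresses), and SHA-1 is assumed as the negotiated hash.

```python
import hashlib
import socket
import struct

# Constructed sample values: the thread gives only the private addresses.
PFSENSE_WAN = ("192.168.100.150", 500)     # pfSense WAN, from the thread
ISP_PUBLIC = ("203.0.113.10", 500)         # placeholder for the 1-to-1 NAT public IP
ASA_PUBLIC = ("198.51.100.20", 500)        # placeholder for the ASA outside IP
CKY_I = bytes.fromhex("1122334455667788")  # constructed IKE initiator cookie
CKY_R = bytes.fromhex("99aabbccddeeff00")  # constructed IKE responder cookie


def nat_d_hash(ip, port, cky_i=CKY_I, cky_r=CKY_R):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port); SHA-1 assumed."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def build_nat_d(dst, src):
    """Sender side: first payload covers the destination, second the local source."""
    return nat_d_hash(*dst), nat_d_hash(*src)


def detect_nat(nat_d, seen_src, seen_dst):
    """Receiver side: compare payloads with the addresses on the received packet."""
    dst_hash, src_hash = nat_d
    return {
        "peer_behind_nat": src_hash != nat_d_hash(*seen_src),
        "self_behind_nat": dst_hash != nat_d_hash(*seen_dst),
    }


def esp_transport(result):
    """With NAT on the path, peers move to UDP 4500 and wrap ESP in UDP (RFC 3948)."""
    return "udp/4500" if any(result.values()) else "esp/ip-proto-50"


def asa_view():
    # pfSense -> ASA: the ISP router rewrites the source to its public address.
    return detect_nat(build_nat_d(ASA_PUBLIC, PFSENSE_WAN), ISP_PUBLIC, ASA_PUBLIC)


def pfsense_view():
    # ASA -> pfSense: the ISP router rewrites the destination to the private WAN IP.
    return detect_nat(build_nat_d(ISP_PUBLIC, ASA_PUBLIC), ASA_PUBLIC, PFSENSE_WAN)


if __name__ == "__main__":
    for name, view in (("ASA", asa_view()), ("pfSense", pfsense_view())):
        print(name, view, "->", esp_transport(view))
```

Without NAT-T the tunnel stays on native ESP (IP protocol 50), which is the case that depends on the ISP router's IPsec passthrough.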