Netgate Discussion Forum
    Pfsense/gre, cisco ASA 5505, IPsec

      aug487

      The setup is:

      PFsense2.0 <-> ASA 5505 <-> internet <-> VPN device
      The pfSense box also has another internet connection that the local subnet uses. The ASA public access is strictly for the VPN. Only VPN traffic is routed through the interface from the router to the ASA.

      NAT and IPsec are handled well by the ASA, the IPsec tunnel is operational, and the location we are trying to connect to says everything looks good on their end, but we have to terminate a GRE tunnel on our end. I've been tasked with terminating the tunnel in the pfSense box; this is the only option available to me. I don't know if the ASA can handle GRE tunnels, and even if it can, I'm not allowed to do it there. I'm told by my superiors that it does pass the GRE. I will be allowed to set up some NAT and ACL rules on the ASA, but the tunnel must terminate in the pfSense box.

      I received a degree in network administration 2 years ago, and haven't worked in the field since. My skills and technical knowledge are rusty, but coming back to me. My experience with VPNs is nil, but I have been reading up on them, and have a grasp of general IPsec + GRE operation.

      The company we are setting up the VPN with assures me I can terminate the GRE after the ASA. They are the network we are trying to connect to. They have set up the addressing and sent us the setup specifications. Anything at the remote site is set in stone.

      I have all the addressing I need to set up the GRE.
      pfSense asks for:

      Parent interface: I've set this to the interface connecting to the ASA
      GRE remote address: This I have set to the remote public IP, but I'm not sure that is the correct procedure
      GRE Tunnel local address: currently have this set to 192.168.1.65 and set up a NAT rule on the ASA to translate to the assigned address for our GRE tunnel endpoint
      GRE remote tunnel address: this I have set to the assigned address we received for the GRE remote tunnel endpoint

      Now I'm stuck.

      I've looked for solutions online, and from what I've seen I need to do some of the following, but when I try, nothing works:

      create a routable GRE interface - wasn't pingable
      route packets through the GRE tunnel - how?

      Don't flame me too hard. I'm a fairly intelligent individual, but I'm in slightly over my head due to my lack of VPN experience.

      Any help would be greatly appreciated.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.