4. OpenVPN connected device to reach a server farm behind an ASA

OpenVPN connected device to reach a server farm behind an ASA

  • C

    Hello Everybody.

    The simplified network drawing represents a brief of my network. hopefully it is clear.

    I have been using pfsense for many years as an internet gateway so all the devices on the LAN (172.17.0.0/16) have the pfsense machine (172.17.11.254/16) as its default gateway.

    Now in order to access the server farm (172.16.0.0/16), i add a static route to every device on the LAN that needs to reach the server farm as follows:

    route ADD 172.16.0.0 MASK 255.255.0.0 172.17.1.253 -p

    Where the 172.17.1.253/16 is the ASA firewall with appropriate access lists that governs the traffic between WAN, LAN and DMZ.

    I have 2 scenarios/questions:

    1- Recently i followed a tutorial about OpenVPN setup. the tutorial was clear and straight forward. it worked great and now i can access the LAN from my laptop using a 3G/4G connection. as per the sketch, the OpenVPN server will have an IP of 10.8.0.1/24 and my laptop will have 10.8.0.2/24 as an IP once connected through OpenVPN.
    my question is, how can i reach the server farm? what routes/firwall rules should i add at the pfsense machine in order to let any OpenVPN connected device (10.8.0.2,3,4 and so on) to reach one/all machines at the sever farm (172.16.0.0/16) through the ASA firewall (172.17.1.253/16)? should i use the GW_DMZ gateway in the second attachment? (leading to question 2)

    2- Back to the LAN devices (not related to OpenVPN), in order to get rid of the static route that i have to add on each device, i added a gateway that points to the ASA firewall (attachement 2). Then i used this gateway in a static route (Attachment 3). the fact is that it is working and i can reach the server farm without a static route on the device that i am using, but i noticed that the system is very sluggish with lots of freezing. also if i am using a remote desktop session to a machine at the DMZ, the remote desktop keeps on disconnecting, even for less than a minute of connection, sometimes the remote desktop session freezes then later on resume, sometimes it disconnects then automatically reconnects.

    i hope that i well explained the situation and i hope to hear from you guys.

    Thank you

    Camil
    ![pfsense network brief.png](/public/imported_attachments/1/pfsense network brief.png)
    ![pfsense network brief.png_thumb](/public/imported_attachments/1/pfsense network brief.png_thumb)
    ![Routing_ Gateways.png](/public/imported_attachments/1/Routing_ Gateways.png)
    ![Routing_ Gateways.png_thumb](/public/imported_attachments/1/Routing_ Gateways.png_thumb)
    ![Routing_ Static Routes.png](/public/imported_attachments/1/Routing_ Static Routes.png)
    ![Routing_ Static Routes.png_thumb](/public/imported_attachments/1/Routing_ Static Routes.png_thumb)

    0
  • C

    regarding point 2, i found the solution in one of the blogs. the following option needs to be selected (Checked)

    System -> Advanced -> Firewall and NAT -> Bypass firewall rules for traffic on the same interface.

    any hints for point 1?

    thank you

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy