IPsec ASA VPN



  • Hello community,

    I hope you can help me with this problem. I have already configured the IPsec ASA tunnel, pfSense --- to --- Cisco Firewall.

    These are my encryption phases:

    ike = 3des-sha1-modp1536 #Phase 1: modp1536 = DH group 5
    esp = 3des-md5-modp1024 #Phase 2

    PFsense ip side public = X.X.X.X------------------------------ Cisco Firewall ip public = X.X.X.X
      subnet = 192.168.105.0 / 24                                      subnet = XX.XXX.236.126 / 32    <------192.168.16.109

    As I mentioned, the tunnel is already established, but to be able to access the Cisco subnet XX.XXX.236.126/32, I have to NAT with this IP that I was assigned ---> 192.168.16.109

    Can you guide me a little so that my subnet 192.168.105.0/24 can consume the services of 10.225.236.126 through 192.168.16.109?

    Greetings.

    Pablo I.G.


  • Netgate

    From your "diagram", they are the ones who have to NAT.

    What is the IPsec access list on the ASA side?

    What is the phase 2 defined on your side (including any NAT if present there)?