Site to Site with ASA PFSense box behind a static nat
ns1113 last edited by
I was wondering if a site to site ipsec tunnel was possible with pfsense running behind a natted isp router tunneling to a ASA with a public ip.
PFSense Wan is 192.168.100.150 that has a static 1 to 1 nat to a public ip on the ISP router
PFsense Lan is 192.168.33.0/24
ASA has a public ip. inside 192.168.0.0/24 Tunnel group and crypto map are pointed to public ip of ISP router that is natted to the wan ip on pfsense.
mst last edited by
You may or may not get that to work on 1.2.x, depending on how well the router in front of pfSense handles IPsec passthrough.
2.0 has (or will have? not sure if it's 100% yet) NAT-T which will make the scenario you are describing work regardless.