Netgate Discussion Forum

    Access to external subnet (Hairpinning or similar)

      Oddnewfi

      Hej

      Apologies if the answer to this is floating around somewhere in the forums….

      We have a client with a pfsense appliance on their site connected to an ASA5505 in our datacentre (IPSEC site to site tunnel).

      We want to allow them to work remotely via OpenVPN and connect to the resources behind the ASA5505.

      Network layout is like this:-

      Customer site 10.10.88.0/24
      OpenVPN users get 10.0.34.0/24
      PFSENSE APPLIANCE
                  |
                  |
      ASA5505
      Our side 192.168.78.0/24

      I'm reading up on NAT reflection - however this seems to refer to external NATs - not to our scenario (I may well be reading it wrong, so please excuse me).

      Any assistance / guidance gratefully received.

      • Have considered dropping the OpenVPN clients straight into the back LAN - but that appears to get somewhat messy

      pfsense version 2.0.1 (i386)

      Many thanks

      /b

      P.S. - Yes we could connect them to our ASA, however we don't want to for architectural reasons...

        heper

        I don't see a reason to use any kind of NAT.

        As I understand it, currently the 10.10.88.0/24 is routed over the VPN and can contact clients on 192.168.78.0/24.

        If it were me, I'd just add routes on both ends for the OpenVPN subnet (10.0.34.0/24); that way VPN users can go over the tunnel to reach the devices behind the ASA5505.

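
The "both ends" point in the reply above, as an added example that is not part of either post: a small Python model showing that a change on the pfSense side alone lets requests from the OpenVPN pool out but leaves replies from 192.168.78.0/24 with no path back. It assumes each end can be described by the (local, remote) subnet pairs it carries over the site-to-site tunnel; the host addresses, function names and pair lists are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets from the thread.
CUSTOMER_LAN = ip_network("10.10.88.0/24")
OPENVPN_POOL = ip_network("10.0.34.0/24")
DC_LAN = ip_network("192.168.78.0/24")


def sends_over_tunnel(src, dst, pairs):
    """True if some (local, remote) pair on this device matches src -> dst."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in local and d in remote for local, remote in pairs)


def round_trip(client, server, pfsense_pairs, asa_pairs):
    """Return (request_ok, reply_ok) for client -> server via the tunnel.

    pfsense_pairs / asa_pairs: (local_net, remote_net) pairs each end is
    configured to carry over the tunnel (a hypothetical model, not device config).
    """
    request_ok = sends_over_tunnel(client, server, pfsense_pairs)
    reply_ok = sends_over_tunnel(server, client, asa_pairs)
    return request_ok, reply_ok


# Current state: only the customer LAN is carried, in both directions.
PFSENSE_NOW = [(CUSTOMER_LAN, DC_LAN)]
ASA_NOW = [(DC_LAN, CUSTOMER_LAN)]

# Proposed state: the OpenVPN pool is added on both ends, nothing wider.
PFSENSE_NEW = PFSENSE_NOW + [(OPENVPN_POOL, DC_LAN)]
ASA_NEW = ASA_NOW + [(DC_LAN, OPENVPN_POOL)]

if __name__ == "__main__":
    # Constructed sample hosts inside the thread's subnets.
    vpn_user, lan_host, dc_host = "10.0.34.6", "10.10.88.20", "192.168.78.10"
    for label, pf, asa in [
        ("current", PFSENSE_NOW, ASA_NOW),
        ("pfSense only", PFSENSE_NEW, ASA_NOW),
        ("both ends", PFSENSE_NEW, ASA_NEW),
    ]:
        print(label,
              "vpn user:", round_trip(vpn_user, dc_host, pf, asa),
              "lan host:", round_trip(lan_host, dc_host, pf, asa))
```

Adding only the /24 pool, rather than a wider 10.0.0.0/8 entry, keeps the datacentre side reachable from exactly the two customer subnets named in the thread.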