4. Access to external subnet (Hairpinning or similar)

Access to external subnet (Hairpinning or similar)

  • O

    Hej

    Apologies if the answer to this is floating around somewhere in the forums….

    We have a client with a pfsense appliance on their site connected to ASA5505 in our datacentre (IPSEC site to site tunnel)

    We want allow them to work remotely via OpenVPN and connect to the resources behind the ASA5505

    Network layout is like this:-

    Customer site 10.10.88.0/24
    OpenVPN users get 10.0.34.0/24
    PFSENSE APPLIANCE
                |
                |
    ASA5505
    Our side 192.168.78.0/24

    I'm reading up on NAT reflection - however this seems to refer to external NATs - not to our scenario (I may well be reading it wrong, so please excuse me)

    Any assistance / guidance gratefully received.

    • Have considered dropping the OpenVPN clients straight into the back LAN - but that appears to get somewhat messy

    pfsense version 2.0.1 (i386)

    Many thanks

    /b

    P.S. - Yes we could connect them to our ASA, however we don't want to for architectural reasons...

    0
  • H

    i dont see a reason to use any kind of nat.

    as i understand currently the 10.10.88.0/24 is routed over the vpn and can contact clients on 192.168.78.0/24.

    if it were me i'd just add routes on both ends for the openvpn subnet (10.0.34.0/24), that way vpn users can go over the tunnel to reach the devices behind ASA5505.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy