4. Access to external subnet (Hairpinning or similar)

Access to external subnet (Hairpinning or similar)

  • O

    Hej

    Apologies if the answer to this is floating around somewhere in the forums….

    We have a client with a pfsense appliance on their site connected to ASA5505 in our datacentre (IPSEC site to site tunnel)

    We want allow them to work remotely via OpenVPN and connect to the resources behind the ASA5505

    Network layout is like this:-

    Customer site 10.10.88.0/24
    OpenVPN users get 10.0.34.0/24
    PFSENSE APPLIANCE
                |
                |
    ASA5505
    Our side 192.168.78.0/24

    I'm reading up on NAT reflection - however this seems to refer to external NATs - not to our scenario (I may well be reading it wrong, so please excuse me)

    Any assistance / guidance gratefully received.

    • Have considered dropping the OpenVPN clients straight into the back LAN - but that appears to get somewhat messy

    pfsense version 2.0.1 (i386)

    Many thanks

    /b

    P.S. - Yes we could connect them to our ASA, however we don't want to for architectural reasons...

    0
  • H

    i dont see a reason to use any kind of nat.

    as i understand currently the 10.10.88.0/24 is routed over the vpn and can contact clients on 192.168.78.0/24.

    if it were me i'd just add routes on both ends for the openvpn subnet (10.0.34.0/24), that way vpn users can go over the tunnel to reach the devices behind ASA5505.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy