Replacing a Cisco in a site-to-site VPN
I'm planning to replace a Cisco ASA 5510 with pfSense. My local network is a /24 out of a larger /16. The 5510 has an IPSec Site-to-Site VPN with a remote network that's defined as a network object group. The group contains 25 /32 entries that are spread out over the larger /16. I'm wondering how I should recreate this tunnel in pfSense.
Should I add 25 Phase 2 entries to the Phase 1 entry?
Will having that many Phase 2 entries cause any problems?
Yeah, you'll have to have 25 P2s. May want to consider consolidating that for the P2s and controlling more tightly via firewall rules, but it'll work fine with 25 P2s as well.
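Added worked example, not part of the thread and not pfSense code: it models the two options the answer describes. One Phase 2 (traffic selector) per remote /32 gives 25 entries; aggregating the remote side into covering prefixes gives fewer Phase 2 entries but a wider tunnel, so a per-host allow list on the IPsec interface firewall rules has to carry the restriction instead. All addresses and the function names (`phase2_selectors`, `covering_prefixes`, `consolidation_plan`, `check_flow`) are constructed for illustration; the local /24 and the 25 hosts are made-up values inside a made-up /16.

```python
"""
Model Phase 2 selectors for a site-to-site IPsec tunnel: one local /24 and
25 remote /32 hosts scattered across a /16 (all values constructed).
"""
import ipaddress
from typing import List, Tuple

IPNet = ipaddress.IPv4Network

LOCAL_NET = ipaddress.ip_network("10.1.1.0/24")  # constructed local /24

# Constructed: 25 remote hosts spread over 10.2.0.0/16
REMOTE_HOSTS = [f"10.2.{third}.{fourth}" for third, fourth in [
    (0, 10), (0, 11), (3, 5), (7, 20), (7, 21), (7, 22), (12, 1), (15, 100),
    (15, 101), (20, 2), (33, 9), (40, 40), (44, 7), (50, 12), (61, 3),
    (77, 77), (80, 1), (90, 5), (101, 8), (120, 2), (130, 4), (150, 6),
    (200, 9), (220, 1), (254, 254),
]]


def phase2_selectors(local: IPNet, hosts: List[str]) -> List[Tuple[IPNet, IPNet]]:
    """Option 1: one Phase 2 per remote /32 -> (local_net, remote_net) pairs."""
    return [(local, ipaddress.ip_network(f"{h}/32")) for h in hosts]


def covering_prefixes(hosts: List[str], prefixlen: int) -> List[IPNet]:
    """Distinct /prefixlen networks that contain the given hosts (sorted)."""
    nets = {ipaddress.ip_network(f"{h}/{prefixlen}", strict=False) for h in hosts}
    return sorted(nets)


def consolidation_plan(local: IPNet, hosts: List[str], prefixlen: int):
    """Option 2: aggregate the remote side into covering prefixes.

    Returns (phase2 pairs, allow list).  Wider selectors let the tunnel carry
    traffic to every address in each aggregate, so the allow list is the
    per-host restriction the firewall rules must enforce to keep reachability
    identical to the 25-selector design.
    """
    aggregates = covering_prefixes(hosts, prefixlen)
    p2 = [(local, net) for net in aggregates]
    allow = {ipaddress.ip_address(h) for h in hosts}
    return p2, allow


def check_flow(local: IPNet, hosts: List[str], prefixlen: int,
               src: str, dst: str) -> Tuple[bool, bool]:
    """(matches a Phase 2 selector, permitted after the firewall allow list)."""
    p2, allow = consolidation_plan(local, hosts, prefixlen)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    in_selector = any(s in l and d in r for l, r in p2)
    return in_selector, in_selector and d in allow


if __name__ == "__main__":
    print("per-host Phase 2 entries:", len(phase2_selectors(LOCAL_NET, REMOTE_HOSTS)))
    for plen in (24, 16):
        p2, _ = consolidation_plan(LOCAL_NET, REMOTE_HOSTS, plen)
        print(f"aggregated to /{plen}: {len(p2)} Phase 2 entries")
    # A host that is inside the /16 aggregate but not on the allow list:
    print(check_flow(LOCAL_NET, REMOTE_HOSTS, 16, "10.1.1.5", "10.2.5.5"))
```

Running the script shows the trade-off: 25 entries per-host, 21 with /24 aggregates, 1 with a single /16, and for the /16 case a flow to a non-listed host such as 10.2.5.5 matches the tunnel selector but is still dropped by the allow list, which is the "control more tightly via firewall rules" part of the answer.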