Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Replacing a Cisco in a site-to-site VPN

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alankeny
      last edited by

      I'm planning to replace a Cisco ASA 5510 with pfSense.  My local network is a /24 out of a larger /16.  The 5510 has an IPSec Site-to-Site VPN with a remote network that's defined as a network object group.  The group contains 25 /32 entries that are spread out over the larger /16.  I'm wondering how I should recreate this tunnel in pfSense.

      Should I add 25 Phase 2 entries to the Phase 1 entry?

      Will having that many Phase 2 entries cause any problems?

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Yeah you'll have to have 25 P2s. May want to consider consolidating that for the P2s and controlling more tightly via firewall rules, but it'll work fine with 25 P2s as well.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.