IPSec pfSense to ASA 5505: Overlapping Subnets

  • Good morning,

    I am attempting to set up a pfSense box between our main office and a few branch offices that we have begun providing services for. There are about 12 sites in total, and 50% of them are using the same subnet as us.

    Is it possible to set up an L2L VPN between pfSense and the ASA at each of these offices? I am looking to be able to give the subnet behind the pfSense box access to just 1 server in each of the branch offices. With 2.1 is it possible to set up something like this, or am I wasting my time?

    Thank you.

  • In 2.1, there is an option to NAT the local network on the phase two. I'll be trying it out in a week or two when I replace a 5510 with clustered pfSense boxes. You can also NAT on IPsec on the ASAs if you need to.

  • So it is theoretically possible to connect our local subnet ( once nat'd to ( to a remote single host ( that is nat'd to (

    Thank you.
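The two-sided translation asked about above, worked through as an added example (it is not code from the thread, from pfSense or from Cisco, and the addresses are constructed: both LANs are assumed to really be 192.168.1.0/24, the HQ pfSense is assumed to BINAT its LAN to 10.10.1.0/24, and the branch ASA is assumed to expose its single server 192.168.1.50 as 10.10.2.50). The model shows the arithmetic behind a 1:1 network translation, which addresses end up in the phase 2 selectors, and the overlaps that silently break the scheme even when the tunnel comes up:

```python
"""Model of two-sided 1:1 NAT (BINAT) over an IPsec tunnel between
overlapping subnets. Added illustration, not pfSense or ASA code; all
addresses are constructed RFC 1918 examples."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Binat:
    """One-to-one translation of `real` onto the same-sized `mapped` network.

    This is the arithmetic behind pfSense's phase 2 NAT/BINAT option and an
    ASA static network translation: the network bits are swapped, the host
    bits are kept, so no per-connection state is needed.
    """
    real: IPv4Network
    mapped: IPv4Network

    def __post_init__(self):
        if self.real.prefixlen != self.mapped.prefixlen:
            raise ValueError("BINAT needs equal-sized networks: "
                             f"{self.real} vs {self.mapped}")

    @staticmethod
    def _swap(addr: IPv4Address, src: IPv4Network, dst: IPv4Network) -> IPv4Address:
        if addr not in src:
            raise ValueError(f"{addr} is not inside {src}")
        host_bits = int(addr) & int(src.hostmask)
        return IPv4Address(int(dst.network_address) | host_bits)

    def outbound(self, addr: str) -> IPv4Address:
        """Real -> mapped: how the far side sees this host."""
        return self._swap(ip_address(addr), self.real, self.mapped)

    def inbound(self, addr: str) -> IPv4Address:
        """Mapped -> real: undo the translation for returning traffic."""
        return self._swap(ip_address(addr), self.mapped, self.real)


def binat(real: str, mapped: str) -> Binat:
    return Binat(ip_network(real), ip_network(mapped))


# Constructed plan (assumption, not from the thread): both LANs really use
# 192.168.1.0/24. HQ (pfSense) presents itself as 10.10.1.0/24; the branch
# (ASA) exposes only its server 192.168.1.50, as 10.10.2.50.
HQ = binat("192.168.1.0/24", "10.10.1.0/24")
BRANCH = binat("192.168.1.50/32", "10.10.2.50/32")


def phase2_selectors(local: Binat, remote: Binat) -> tuple[str, str]:
    """Traffic selectors both peers must agree on: the *mapped* networks.
    The real, overlapping networks never appear in the SA."""
    return (str(local.mapped), str(remote.mapped))


def check_plan(local: Binat, remote: Binat) -> list[str]:
    """Overlaps that make the scheme fail even though the tunnel comes up."""
    problems = []
    if local.mapped.overlaps(remote.mapped):
        problems.append("mapped networks overlap: phase 2 selectors are ambiguous")
    if remote.mapped.overlaps(local.real):
        problems.append(f"{remote.mapped} looks local to hosts in {local.real}; "
                        "they will ARP for it instead of routing to the VPN")
    if local.mapped.overlaps(remote.real):
        problems.append(f"{local.mapped} looks local to hosts in {remote.real}")
    return problems


def trace(local: Binat, remote: Binat, src_real: str, dst_mapped: str):
    """(src, dst) as seen on the local LAN, inside the tunnel and on the
    remote LAN, for a packet from a local host to the remote mapped address."""
    on_local_lan = (src_real, dst_mapped)
    in_tunnel = (str(local.outbound(src_real)), dst_mapped)      # pfSense translates src
    on_remote_lan = (in_tunnel[0], str(remote.inbound(dst_mapped)))  # ASA translates dst
    return on_local_lan, in_tunnel, on_remote_lan


if __name__ == "__main__":
    print("phase 2 selectors:", phase2_selectors(HQ, BRANCH))
    for hop, pair in zip(("HQ LAN", "tunnel", "branch LAN"),
                         trace(HQ, BRANCH, "192.168.1.20", "10.10.2.50")):
        print(f"{hop:10s} {pair[0]} -> {pair[1]}")
    for p in check_plan(HQ, BRANCH):
        print("problem:", p)
```

The practical consequence: HQ hosts reach the branch server by its mapped address (10.10.2.50 here), never by its real one, and the branch sees HQ traffic sourced from the mapped range, so DNS, firewall rules and any per-host ACLs on either side have to be written against the mapped addresses. `check_plan` encodes the three collisions to avoid when picking the mapped ranges, including the case where one side is left untranslated and its addresses look local to the other side.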

  • For the sake of your sanity (speaking from bitter experience) change the remote subnets.

    I spent years using NAT to work around just this issue, and with sites daisy-chained together over private circuits I'd got NAT(NAT(NAT)) going on in some cases! It took me about a day to completely renumber each LAN (about 65-70 PCs each + servers, switches, printers, router(s), etc.) - I wish I'd done it years ago!
