IPSec pfSense to ASA 5505: Overlapping Subnets
-
Good morning,
I am attempting to setup a pfSense box between our main office and a few branch offices that we have begun providing services for. There are about 12 sites total and of the 12 sites 50% of them are using the same subnet as us 192.168.111.0/24.
Is it possible to setup a L2L VPN between pfSense and the ASA at each of these offices? I am looking to be able to give the subnet behind the pfSense box access to just 1 server in each of the branch offices. With 2.1 is it possible to set up something like this or am I wasting my time?
Thank you.
-
In 2.1, there is an option to NAT the local network on the phase two. I'll be trying it out in a week or two when I replace a 5510 with clustered pfSense boxes. You can also NAT on IPSec on the ASA's if you need to.
-
So it is theoretically possible to connect our local subnet (192.168.111.0/24) once nat'd to (10.10.10.0/24) to a remote single host (192.168.111.205) that is nat'd to (10.10.100.205).
Thank you.
-
For the sake of your sanity (speaking from bitter experience) change the remote subnets.
I spent years using NAT to workaround just this issue, and with sites daisy-chained together over private circuits I'd got NAT(NAT(NAT))) going on in some cases! It took me about a day to completely renumber each LAN (about 65-70 PCs each + servers, switches, printers, router(s), etc) - I wish I'd done it years ago!
