Firewall Rules for IPSec VPN



  • Hello everybody!

    I am putting a Cisco ASA 5505 behind my pfSense, and its sole purpose in life will be to handle site-to-site IPSec tunnels.  I am also currently using the Mobile Road Warrior IPSec setup on the pfSense itself.

    My question is whether someone could confirm my thoughts on the firewall rule setup to make this happen.

    1. Forward all inbound traffic from the remote IP, on ports 500, 50, and 51 (created using a Port Alias) to the internal IP address of 10.10.1.5.

    2. Create a Gateway for IP 10.10.1.5.

    3. Define a static route for 10.125.25.0/24 (the subnet on the other end of the tunnel) through 10.10.1.5.

    4. The ASA should handle the traffic from that point.

    Does it appear that I'm missing anything?  Am I wrong in my understanding that the ASA will do the rest of the heavy lifting for the traffic across the tunnel?

    Thanks,
    Daryl
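As an added example for this thread (it is not pfSense code and not the poster's configuration): a small Python model of how a pf-style forward/pass rule set classifies the inbound packets an IPsec responder behind the firewall receives. It keeps the inside address 10.10.1.5 from the post and assumes a constructed remote peer 198.51.100.10 and WAN address 203.0.113.1. It treats ESP (IP protocol 50) and AH (IP protocol 51) as IP protocols, which have no port field, while IKE travels on UDP 500; UDP 4500 for NAT-T is an assumption added here, not something the post mentions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# IANA IP protocol numbers used by IPsec.
PROTO_UDP = 17
PROTO_ESP = 50   # Encapsulating Security Payload: no port field in the header
PROTO_AH = 51    # Authentication Header: no port field in the header

# 10.10.1.5 is the inside ASA address from the post; the other two are constructed.
ASA_INSIDE = "10.10.1.5"
REMOTE_PEER = "198.51.100.10"   # constructed remote tunnel endpoint
WAN_ADDRESS = "203.0.113.1"     # constructed pfSense WAN address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # only TCP/UDP carry a destination port


@dataclass(frozen=True)
class Rule:
    """One pf-style rule: 'rdr' forwards to target, 'pass' accepts as-is."""
    action: str
    proto: int
    src: str
    dports: FrozenSet[int] = frozenset()  # empty = the rule does not look at ports
    target: Optional[str] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    # Protocol and source are checked first; ports only when the rule names any.
    if pkt.proto != rule.proto or pkt.src != rule.src:
        return False
    if rule.dports:
        return pkt.dport in rule.dports
    return True


def classify(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """First-match evaluation; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.target
    return "drop", None


# Rule set A: 500, 50 and 51 written as UDP destination ports in one alias.
PORTS_ONLY = [
    Rule("rdr", PROTO_UDP, REMOTE_PEER, frozenset({500, 50, 51}), ASA_INSIDE),
]

# Rule set B: IKE on UDP 500/4500, with ESP and AH matched as IP protocols.
PROTOCOL_AWARE = [
    Rule("rdr", PROTO_UDP, REMOTE_PEER, frozenset({500, 4500}), ASA_INSIDE),
    Rule("rdr", PROTO_ESP, REMOTE_PEER, target=ASA_INSIDE),
    Rule("rdr", PROTO_AH, REMOTE_PEER, target=ASA_INSIDE),
]

# Sample inbound packets (constructed).
IKE_PKT = Packet(REMOTE_PEER, WAN_ADDRESS, PROTO_UDP, 500)
ESP_PKT = Packet(REMOTE_PEER, WAN_ADDRESS, PROTO_ESP)        # no port to match on
STRANGER_ESP = Packet("192.0.2.77", WAN_ADDRESS, PROTO_ESP)  # not the configured peer


def compare() -> dict:
    """Verdict of both rule sets for each sample packet, keyed by packet name."""
    samples = (("ike", IKE_PKT), ("esp", ESP_PKT), ("stranger_esp", STRANGER_ESP))
    return {name: (classify(PORTS_ONLY, p), classify(PROTOCOL_AWARE, p))
            for name, p in samples}


if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:13} ports-only={a}  protocol-aware={b}")
```

Running it shows the IKE packet forwarded by both rule sets, while the ESP packet only reaches 10.10.1.5 under the protocol-aware set, because an ESP datagram never carries a port for a UDP port rule to match; in both sets the packet from an address other than the configured peer is dropped, which is the source restriction step 1 of the post describes.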