Netgate Discussion Forum
    Firewall Rules for IPSec VPN

    Firewalling
      dsvj1977

      Hello everybody!

      I am putting a Cisco ASA 5505 behind my pfSense, and its sole purpose in life will be to handle site-to-site IPSec tunnels.  I am also currently using the Mobile Road Warrior IPSec setup on the pfSense itself.

      My question is whether someone could confirm my thoughts on the firewall rule setup to make this happen.

      1. Forward all inbound traffic from the remote IP on ports 500, 50, and 51 (created using a Port Alias) to the internal IP address 10.10.1.5.

      2. Create a Gateway for IP 10.10.1.5.

      3. Define a static route for 10.125.25.0/24 (the subnet on the other end of the tunnel) through 10.10.1.5.

      4. The ASA should handle the traffic from that point.

      Does it appear that I'm missing anything?  Am I wrong in my understanding that the ASA will do the rest of the heavy lifting for the traffic across the tunnel?

      Thanks,
      Daryl

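      Added example, not part of the post and not Netgate or pfSense code: a small Python model of a default-deny rule set that checks the traffic a site-to-site IPsec peer sends. It encodes the well-known IPsec values (IKE on UDP/500, NAT-T on UDP/4500, ESP as IP protocol 50 and AH as IP protocol 51, neither of which carries a port) and compares a port-alias rule set like the one in step 1 against one that passes ESP and AH by protocol number. The peer address 203.0.113.10 and the unrelated host 198.51.100.7 are constructed; 10.10.1.5 is the ASA address from the post.

```python
from dataclasses import dataclass
from typing import List, Optional

# Well-known IPsec values (IANA): IKE and NAT-T are UDP ports,
# ESP and AH are IP protocol numbers with no transport-layer port.
IPPROTO_UDP = 17
IPPROTO_ESP = 50
IPPROTO_AH = 51
IKE_PORT = 500
NAT_T_PORT = 4500

PEER = "203.0.113.10"   # constructed: the remote tunnel endpoint
ASA = "10.10.1.5"       # the inner ASA address from the post
OTHER = "198.51.100.7"  # constructed: an unrelated Internet host


@dataclass(frozen=True)
class Packet:
    name: str
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None  # None: no L4 header (ESP/AH)


@dataclass(frozen=True)
class Rule:
    src: str                     # peer address or "any"
    dst: str
    proto: int
    dport: Optional[int] = None  # None: any port / not applicable

    def matches(self, p: Packet) -> bool:
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.proto != p.proto:
            return False
        return self.dport is None or self.dport == p.dport


def allowed(rules: List[Rule], p: Packet) -> bool:
    """Default-deny: a packet passes only if some rule matches it."""
    return any(r.matches(p) for r in rules)


# Rule set A: "ports 500, 50 and 51" in a port alias, applied to UDP.
PORT_ALIAS_RULES = [Rule(PEER, ASA, IPPROTO_UDP, port) for port in (500, 50, 51)]

# Rule set B: IKE/NAT-T by UDP port, ESP/AH by IP protocol, peer-restricted.
IPSEC_RULES = [
    Rule(PEER, ASA, IPPROTO_UDP, IKE_PORT),
    Rule(PEER, ASA, IPPROTO_UDP, NAT_T_PORT),
    Rule(PEER, ASA, IPPROTO_ESP),
    Rule(PEER, ASA, IPPROTO_AH),
]

# Constructed sample traffic as seen after the forward to the ASA.
TRAFFIC = [
    Packet("ike-from-peer", PEER, ASA, IPPROTO_UDP, IKE_PORT),
    Packet("natt-from-peer", PEER, ASA, IPPROTO_UDP, NAT_T_PORT),
    Packet("esp-from-peer", PEER, ASA, IPPROTO_ESP),
    Packet("ah-from-peer", PEER, ASA, IPPROTO_AH),
    Packet("esp-from-other", OTHER, ASA, IPPROTO_ESP),
    Packet("udp50-from-peer", PEER, ASA, IPPROTO_UDP, 50),
]


def evaluate(rules: List[Rule]) -> dict:
    """Map each sample packet name to whether the rule set passes it."""
    return {p.name: allowed(rules, p) for p in TRAFFIC}


if __name__ == "__main__":
    for label, rules in (("port alias", PORT_ALIAS_RULES), ("ipsec", IPSEC_RULES)):
        print(label)
        for name, ok in evaluate(rules).items():
            print(f"  {name:16} {'pass' if ok else 'drop'}")
```

      Running it shows the port-alias set passing IKE but dropping the ESP and AH packets that carry the actual tunnel traffic, while the protocol-based set passes them and still drops ESP from any address other than the configured peer. Restricting the forward to the remote peer's source address is also what leaves IKE from everyone else on pfSense itself, where the Mobile Road Warrior setup terminates.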
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.