Connection to ASA 5580 with multiple remote subnets NATTING local subnet
We have been tasked with connecting our network via an ASA 5580 to multiple remote subnets.
Our local network must be NATted to a single public IP address before it enters the VPN tunnel.
The ASA has a configuration like this:
access-list vpn-b2b extended permit ip 126.96.36.199 255.255.255.0 host a.b.c.d
access-list vpn-b2b extended permit ip 188.8.131.52 255.255.255.0 host a.b.c.d
access-list vpn-b2b extended permit ip 184.108.40.206 255.255.255.0 host a.b.c.d
... many more entries like this ...
access-list vpn-b2b extended permit ip host 220.127.116.11 host a.b.c.d
The host a.b.c.d is the IP address to which we must NAT our subnet.
In pfSense I have configured phase 1 to match the ASA parameters: main/3DES/SHA1
Then for each remote subnet I have configured a separate phase 2 entry with the local subnet NATted to a.b.c.d.
We have not yet been able to test the configuration, as the customer has a very bureaucratic process for changing the firewall.
Is this a configuration that should work, or should we get a Cisco device?
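The per-subnet phase 2 list described above has to mirror the ASA's crypto ACL exactly: every ACE's source network becomes one remote selector on the pfSense side, and the ACE's destination (host a.b.c.d) is the single NAT address our side must present. The script below, an added example that is not code from the original post, parses ACL lines in the format quoted above and derives that list, flagging any ACE whose destination is not the agreed NAT address (such an ACE could never match a tunnel SA from our side) and collapsing duplicate ACEs. The ACL name vpn-b2b comes from the post; the ACL lines, the NAT address 203.0.113.10 and the local subnet 10.1.0.0/24 are constructed sample values using documentation prefixes, not the customer's real configuration.

```python
"""Derive pfSense phase 2 selectors from an ASA crypto ACL.

Added example, not code from the original post.  Assumes the
"access-list NAME extended permit ip SRC DST" format shown there; the
ACL text, NAT address and local subnet below are constructed samples.
"""
import ipaddress
import re

# Constructed sample input in the same shape as the customer's ACL.
# Line 4 duplicates line 1; line 5 points at a different host on purpose.
SAMPLE_ACL = """\
access-list vpn-b2b extended permit ip 192.0.2.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b extended permit ip 198.51.100.0 255.255.255.128 host 203.0.113.10
access-list vpn-b2b extended permit ip host 198.51.100.200 host 203.0.113.10
access-list vpn-b2b extended permit ip 192.0.2.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b extended permit ip 198.51.100.128 255.255.255.128 host 203.0.113.99
"""

# One sub-pattern for both address forms an ASA ACE uses: "host A" or "NET MASK".
_ADDR = r"(?:host\s+(?P<{p}host>\S+)|(?P<{p}net>\S+)\s+(?P<{p}mask>\S+))"
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    + _ADDR.format(p="src") + r"\s+" + _ADDR.format(p="dst") + r"\s*$"
)


def _network(m, p):
    """Turn the matched src/dst group into an ip_network (ASA masks are
    ordinary netmasks, which ipaddress accepts directly after the slash)."""
    if m.group(p + "host"):
        return ipaddress.ip_network(m.group(p + "host") + "/32")
    return ipaddress.ip_network(f"{m.group(p + 'net')}/{m.group(p + 'mask')}")


def parse_crypto_acl(text):
    """Return (acl_name, [(src_net, dst_net), ...]) for every 'permit ip' ACE."""
    name, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ACE: {line}")
        name = m.group("name")
        entries.append((_network(m, "src"), _network(m, "dst")))
    return name, entries


def phase2_entries(acl_text, local_subnet, nat_address):
    """Mirror the peer's ACL into pfSense phase 2 entries.

    Each entry keeps our real local subnet, the NAT/BINAT address the peer
    expects to see (nat_address/32) and one remote network taken from an
    ACE source.  Returns (entries, mismatched) where mismatched lists ACEs
    whose destination is not nat_address; those need fixing on the ASA side.
    """
    nat = ipaddress.ip_network(f"{nat_address}/32")
    _, aces = parse_crypto_acl(acl_text)
    seen, entries, mismatched = set(), [], []
    for remote, dst in aces:
        if dst != nat:
            mismatched.append((str(remote), str(dst)))
            continue
        if remote in seen:  # duplicate ACE on the ASA: one phase 2 is enough
            continue
        seen.add(remote)
        entries.append({"local": local_subnet, "nat": str(nat), "remote": str(remote)})
    return entries, mismatched


if __name__ == "__main__":
    p2, bad = phase2_entries(SAMPLE_ACL, "10.1.0.0/24", "203.0.113.10")
    for e in p2:
        print(f"phase 2: local {e['local']} (NAT {e['nat']}) <-> remote {e['remote']}")
    for remote, dst in bad:
        print(f"WARNING: ACE for {remote} targets {dst}, not our NAT address")
```

Run it against the real ACL text once the customer supplies it; the number of entries it prints is the number of phase 2 entries pfSense needs, and any WARNING line is a mismatch to raise with the customer before the change window rather than after.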
Today we were able to test. It just works!