Connection to ASA 5580 with multiple remote subnets NATTING local subnet



  • We have the task to connect our network via an ASA 5580 to multiple remote subnets.

    Our local net must be NATted to a single public IP address before entering the VPN tunnel.

    The ASA has a configuration like this

    access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host a.b.c.d
    access-list vpn-b2b extended permit ip 1.1.2.0 255.255.255.0 host a.b.c.d
    access-list vpn-b2b extended permit ip 1.1.3.0 255.255.255.0 host a.b.c.d
    …. many more entries like this...
    access-list vpn-b2b extended permit ip host 1.1.20.1 host a.b.c.d

    The host a.b.c.d is the IP address to which we must NAT our subnet.

    In pfSense I have configured phase 1 to match the ASA parameters: main/3DES/SHA1.
    Then for each remote subnet I have configured a separate phase 2 entry with the local subnet NATted to a.b.c.d.

    We have not yet been able to test the configuration as the customer has a very bureaucratic process to change the firewall.

    Is this a configuration that should work, or should we get a Cisco device?
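As an added check (not code from the thread or from pfSense), the script below parses the ASA crypto ACL and derives the pfSense phase 2 list that mirrors it: one entry per remote subnet, with the real local subnet BINATed to the single NAT host, rejecting malformed ACL lines, more than one NAT address and overlapping remote selectors, and listing expected entries that are not configured. It assumes 203.0.113.10 as a constructed stand-in for a.b.c.d and 10.0.0.0/24 as the real local subnet.

```python
import ipaddress
import re
# Constructed sample ACL in the style of the post; 203.0.113.10 stands in for a.b.c.d.
ASA_ACL = """
access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b extended permit ip 1.1.2.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b extended permit ip host 1.1.20.1 host 203.0.113.10
"""

_ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(host\s+\S+|\S+\s+\S+)\s+(host\s+\S+|\S+\s+\S+)$"
)

def _to_net(spec):
    """'host X' -> X/32, 'ADDR MASK' -> ADDR/MASK, as an ip_network."""
    parts = spec.split()
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    return ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=True)

def parse_asa_acl(text):
    """Return (source, destination) network pairs; reject lines the ASA would not accept."""
    pairs = []
    for line in text.strip().splitlines():
        m = _ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f"malformed crypto ACL entry: {line!r}")
        pairs.append((_to_net(m.group(2)), _to_net(m.group(3))))
    return pairs

def mirror_phase2(asa_pairs, local_real_subnet):
    """Derive the pfSense phase 2 list that mirrors the ASA ACL: one entry per
    remote subnet, with the real local subnet BINATed to the single NAT host."""
    nat_hosts = {dst for _, dst in asa_pairs}
    if len(nat_hosts) != 1 or next(iter(nat_hosts)).prefixlen != 32:
        raise ValueError(f"expected one /32 NAT host, got {sorted(map(str, nat_hosts))}")
    nat = nat_hosts.pop()
    remotes = [src for src, _ in asa_pairs]
    for i, a in enumerate(remotes):  # overlapping selectors make SA matching ambiguous
        for b in remotes[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping remote networks {a} and {b}")
    local = ipaddress.ip_network(local_real_subnet)
    return [{"local": local, "nat": nat, "remote": r} for r in remotes]

def missing_phase2(configured, expected):
    """Return (nat, remote) pairs from `expected` with no configured phase 2 entry."""
    have = {(e["nat"], e["remote"]) for e in configured}
    return [(e["nat"], e["remote"]) for e in expected if (e["nat"], e["remote"]) not in have]
```

A phase 2 whose local/remote networks are not the exact mirror of an ASA ACL line (a proxy-ID mismatch) is the usual reason such a tunnel completes phase 1 but never passes traffic. The main/3DES/SHA1 proposal is what the post reports the ASA requires, but it is a legacy suite; prefer AES/SHA2 wherever the peer allows it.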



  • Today we were able to test. It just works!

    Lex

