Netgate Discussion Forum
    Connection to ASA 5580 with multiple remote subnets NATTING local subnet

    IPsec

      lexl:

      We have the task to connect our network via an ASA 5580 to multiple remote subnets.

      Our local net must be natted to a single public IP address before entering the VPN tunnel.

      The ASA has a configuration like this

      access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host a.b.c.d
      access-list vpn-b2b permit ip 1.1.2.0 255.255.255.0 host a.b.c.d
      access-list vpn-b2b permit ip 1.1.3.0 255.255.255.0 host a.b.c.d
      … many more entries like this …
      access-list vpn-b2b extended permit ip host 1.1.20.1 host a.b.c.d

      The host a.b.c.d is the IP address to which we must NAT our subnet.

      In pfSense I have configured phase 1 to match the ASA parameters: main/3DES/SHA1
      Then for each remote subnet I have configured a separate phase2 entry with the local subnet natted to a.b.c.d.

      We have not yet been able to test the configuration, as the customer has a very bureaucratic process to change the firewall.

      Is this a configuration that should work, or should we get a Cisco device?

        lexl:
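A way to sanity-check a setup like this before the customer's change window: parse the ASA crypto ACL and derive the phase 2 entries pfSense needs (one per remote subnet, local LAN BINAT'd to the single public address), flagging any ACL line whose destination is not that address, since such a traffic selector would never match and phase 2 would fail. This is an added example, not code from the thread or from Netgate; the ACL text, the local LAN 192.168.10.0/24 and the NAT address 203.0.113.10 standing in for a.b.c.d are constructed.

```python
import ipaddress

# Constructed sample in the ASA format quoted in the post; 203.0.113.10 is a
# placeholder for the single public address (a.b.c.d) the local LAN is NATed to.
NAT_IP = "203.0.113.10"
ASA_ACL = f"""
access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host {NAT_IP}
access-list vpn-b2b permit ip 1.1.2.0 255.255.255.0 host {NAT_IP}
access-list vpn-b2b extended permit ip host 1.1.20.1 host {NAT_IP}
access-list vpn-b2b extended permit ip 1.1.30.0 255.255.255.0 host 198.51.100.7
access-list other-acl extended permit ip 10.0.0.0 255.0.0.0 any
"""

def _parse_spec(tokens, i):
    """Parse one ASA address spec (host X | any | NET MASK) starting at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_crypto_acl(text, acl_name):
    """Return (src, dst) network pairs for every permit entry of acl_name.
    The 'extended' keyword is optional, as in the lines quoted in the post."""
    pairs = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[1] != acl_name:
            continue
        i = 3 if tok[2] == "extended" else 2
        if tok[i] != "permit":          # deny lines never select traffic for the tunnel
            continue
        src, i = _parse_spec(tok, i + 2)   # skip action and protocol
        dst, i = _parse_spec(tok, i)
        pairs.append((src, dst))
    return pairs

def pfsense_phase2_plan(pairs, local_lan, nat_ip):
    """Mirror the ASA view: the ASA source becomes the pfSense remote subnet, and
    the ASA destination must equal the address our LAN is translated to (BINAT)."""
    local = ipaddress.ip_network(local_lan)
    nat = ipaddress.ip_network(nat_ip + "/32")
    plan, mismatches = [], []
    for src, dst in pairs:
        if dst != nat:
            mismatches.append((src, dst))  # selector mismatch: phase 2 would not come up
            continue
        plan.append({"remote": str(src), "local": str(local), "binat": str(nat)})
    return plan, mismatches
```

Each entry in the returned plan corresponds to one pfSense phase 2 with "Local Network" set to the LAN, "NAT/BINAT translation" set to the public address, and "Remote Network" set to the ASA-side subnet.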

        Today we were able to test. It just works!

        Lex

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.