Connection to ASA 5580 with multiple remote subnets NATTING local subnet
-
We have the task to connect our network via an ASA 5580 to multiple remote subnets.
Our local net must be natted to a single public IP address before entering the VPN tunnel.
The ASA has a configuration like this:

access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host a.b.c.d
access-list vpn-b2b extended permit ip 1.1.2.0 255.255.255.0 host a.b.c.d
access-list vpn-b2b extended permit ip 1.1.3.0 255.255.255.0 host a.b.c.d
.... many more entries like this ...
access-list vpn-b2b extended permit ip host 1.1.20.1 host a.b.c.d

The host a.b.c.d is the IP address to which we must NAT our subnet.
In pfSense I have configured phase 1 to match the ASA parameters: main/3DES/SHA1
Then for each remote subnet I have configured a separate phase 2 entry with the local subnet NATted to a.b.c.d.
We have not yet been able to test the configuration, as the customer has a very bureaucratic process for changing the firewall.
Is this a configuration that should work, or should we get a Cisco device?
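As an added example (not code from the original post or from pfSense), a short Python script that parses ASA crypto-ACL entries of the form shown above and lists the phase 2 entries pfSense needs to mirror them: one per remote subnet, with the LAN translated to the single address the ASA expects. The LAN 192.168.1.0/24 and the address 203.0.113.10 are constructed stand-ins for the real values; the script also checks that every entry points at the same NAT address, since pfSense translates the LAN to one IP.

```python
# Added example: derive pfSense phase 2 entries from an ASA crypto ACL.
# Assumption: entries have the form
#   access-list NAME [extended] permit ip SRC DST
# where SRC/DST is either "host A.B.C.D" or "NET MASK".
import ipaddress

# Constructed sample ACL; 203.0.113.10 stands in for a.b.c.d.
ASA_ACL = """
access-list vpn-b2b extended permit ip 1.1.1.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b permit ip 1.1.2.0 255.255.255.0 host 203.0.113.10
access-list vpn-b2b extended permit ip host 1.1.20.1 host 203.0.113.10
"""

def _parse_endpoint(tokens, i):
    """Parse 'host X' or 'NET MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts dotted netmask notation, e.g. 1.1.1.0/255.255.255.0
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_acl(text):
    """Return (acl_name, src_net, dst_net) for each 'permit ip' entry."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue  # skip blank lines and anything that is not an ACL entry
        i = 3 if t[2] == "extended" else 2
        if t[i] != "permit" or t[i + 1] != "ip":
            raise ValueError("unsupported ACL entry: " + line)
        src, i = _parse_endpoint(t, i + 2)
        dst, i = _parse_endpoint(t, i)
        entries.append((t[1], src, dst))
    return entries

def phase2_entries(acl_text, lan_net):
    """Mirror the ASA ACL from the pfSense side: the ACL source becomes the
    remote network, the ACL destination host is the NAT/BINAT address."""
    lan = ipaddress.ip_network(lan_net)
    p2 = []
    for _, asa_side, nat_side in parse_acl(acl_text):
        if nat_side.prefixlen != 32:
            raise ValueError(f"ASA expects a single NATted host, got {nat_side}")
        p2.append({"local": str(lan), "nat": str(nat_side.network_address),
                   "remote": str(asa_side)})
    if len({e["nat"] for e in p2}) > 1:
        raise ValueError("ACL uses more than one NAT address; pfSense NATs the LAN to one IP")
    return p2

if __name__ == "__main__":
    for entry in phase2_entries(ASA_ACL, "192.168.1.0/24"):
        print(entry)
```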
-
Today we were able to test. It just works!
Lex