Solved

Installing pfsense after cisco ASA for VPN only

Posted on 2014-04-01
3
1,495 Views
Last Modified: 2014-04-07
As the title suggests, I'm thinking about adding VPN capability to my site, for IT use only.  I want to stay away from the expensive Cisco vpn licenses and complicated setup.  This is only as a test right now.. But I'm wanting to know how difficult it'd be to configure a box running PfSense and place it inside the network and fwd ipsec VPN requests to it.

has anyone done this before or experienced enough to tell me if this will work and if not why?

Thanks
0
Comment
Question by:Ben Hart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39969948
Routing might be an issue, if the pfSense box is on the same subnet as the computers to be accessed, if you're thinking IPSec.
A bridged openvpn solution might be easier, with more features (remote wake-on-lan, ARP checks, etc.), but it'll be slightly lower bandwidth.
Doesn't the ASA provide a limited number of VPN connections by default?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 39969973
I believe the ASA as its configured right now is limited in vpn connections. Honestly though I am looking at this for myself only. Our main site is where all current vpn connections terminate. In the event of downtime as we had two days ago with a large ATT fiber being cut, I had no remote access to my site whose internet access was not affected.
0
 
LVL 1

Accepted Solution

by:
Marty Block earned 500 total points
ID: 39970096
This should be fairly easy . PFSense has a vpn wizard.. Assume that your cisco firewall will allow you to pass a public ip through the firewall to just one physical port on the ASA firewall. I suggest this because if you do a NAT you may have trouble with the VPN connection because of the actual IP (that is public) for vpn connection will not be the 'real' ip on the public side of the PF sense firewall. In this case you may find it necessary to use the public ip on the pf sense in place of the translated NAT ip.. in any event the pfsense wizard will take you through the process of creating the rules and the bridg-able ip space you need for the connection, and I think there is a separate wizard to create the self signed certs you need for the process.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Meraki Alert - Client IP Detected 1 52
Objects in Cisco ASA 2 57
Dell SonicWall Connection 18 60
how to know if a router is connected to a certain port 9 49
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question