Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1613
  • Last Modified:

Installing pfsense after cisco ASA for VPN only

As the title suggests, I'm thinking about adding VPN capability to my site, for IT use only.  I want to stay away from the expensive Cisco vpn licenses and complicated setup.  This is only as a test right now.. But I'm wanting to know how difficult it'd be to configure a box running PfSense and place it inside the network and fwd ipsec VPN requests to it.

has anyone done this before or experienced enough to tell me if this will work and if not why?

Thanks
0
Ben Hart
Asked:
Ben Hart
1 Solution
 
TimotiStDatacenter TechnicianCommented:
Routing might be an issue, if the pfSense box is on the same subnet as the computers to be accessed, if you're thinking IPSec.
A bridged openvpn solution might be easier, with more features (remote wake-on-lan, ARP checks, etc.), but it'll be slightly lower bandwidth.
Doesn't the ASA provide a limited number of VPN connections by default?
0
 
Ben HartAuthor Commented:
I believe the ASA as its configured right now is limited in vpn connections. Honestly though I am looking at this for myself only. Our main site is where all current vpn connections terminate. In the event of downtime as we had two days ago with a large ATT fiber being cut, I had no remote access to my site whose internet access was not affected.
0
 
Marty BlockOwnerCommented:
This should be fairly easy . PFSense has a vpn wizard.. Assume that your cisco firewall will allow you to pass a public ip through the firewall to just one physical port on the ASA firewall. I suggest this because if you do a NAT you may have trouble with the VPN connection because of the actual IP (that is public) for vpn connection will not be the 'real' ip on the public side of the PF sense firewall. In this case you may find it necessary to use the public ip on the pf sense in place of the translated NAT ip.. in any event the pfsense wizard will take you through the process of creating the rules and the bridg-able ip space you need for the connection, and I think there is a separate wizard to create the self signed certs you need for the process.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now