Author Topic: Ipsec Asa Vpn  (Read 68 times)

Offline juanelop

Ipsec Asa Vpn
« on: March 06, 2018, 09:58:06 am »
Hello community,

I hope you can help me with this problem. I have already configured the IPsec tunnel to the ASA: pfSense ---- to ---- Cisco Firewall

These are my encryption phases:

        ike = 3des-sha1-modp1536   # Phase 1: modp1536 = DH group 5
        esp = 3des-md5-modp1024    # Phase 2

PFsense ip side public = X.X.X.X------------------------------ Cisco Firewall ip public = X.X.X.X
   subnet = / 24                                       subnet = XX.XXX.236.126 / 32    <------

As I mentioned, the tunnel is already established, but to be able to access the Cisco subnet XX.XXX.236.126/32, I have to do a NAT with this IP that I was assigned --->

You can guide me a little so that my subnet consumes the services of through


Pablo I.G.

Offline Derelict

Re: Ipsec Asa Vpn
« Reply #1 on: March 06, 2018, 07:19:38 pm »
From your "diagram", they are the ones who have to NAT.

What is the IPsec access list on the ASA side?

What is the phase 2 defined on your side (including any NAT if present there)?
Las Vegas, Nevada, USA