 From:  James McKeand <james at mckeand dot biz>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  m0n0wall to Cisco ASA 5505 IPSec VPN
 Date:  Mon, 17 Jan 2011 17:03:32 -0600
I am trying to set up a VPN from a site with a 1.3 m0n0wall on a Soekris 4801 to a site with a Cisco
ASA 5505. I have no control over the Cisco.

I have been supplied the following parameters by the other end:
Remote Peer IP: 66.<snip>
Remote Network: 192.<snip>/24 (
Your Local Network: 10.1.2.<snip>/32 (

Phase 1
Negotiation Mode: Main
Authentication: Pre-Shared
Encryption: 3DES
Hash: SHA
DH: 1
Lifetime: 86400 sec
Pre-shared Key: <snip>

ESP encryption: 3DES
ESP authentication: SHA
Lifetime: 28800
PFS: Disabled

The instructions from the other end state that I will need to make an IPSec ACL from 10.1.2.<snip>/32
to the remote network 192.<snip>/24, and I will need to NAT interesting traffic to 10.1.2.<snip>/32.

My problem is that 10.1.2.<snip>/32 does not exist on my network. Our local subnet is It sounds like I need to make traffic coming from our server (192.168.100.x)
destined for their subnet (192.something not 168.100.0/24) look like it is coming from
10.1.2.<snip>/32. I would guess that Advanced Outbound NAT is what is needed. But I cannot get the
tunnel up with a local endpoint of 10.1.2.<snip>/32

I am quite sure that if I had an ASA I could do this (if I knew what I was doing on an ASA). Can
this be done on a m0n0wall? If not m0n0wall, can pfSense do this?

James W. McKeand
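A small Python model of the ACL-plus-NAT requirement the post describes, as an added example that is not from the original mail nor from m0n0wall or pfSense code. All addresses are constructed placeholders (the real ones are snipped), and whether NAT runs before or after the IPsec policy check is a parameter of the model, not a statement about either product; the point it shows is that the Phase 2 local selector must be the translated /32, and that no LAN packet can match that selector unless translation happens first.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder values; the post snips the real addresses.
LAN_NET = ip_network("192.168.100.0/24")   # our real local subnet
NAT_ADDR = ip_address("10.1.2.50")         # the /32 the peer expects us to appear as
REMOTE_NET = ip_network("192.0.2.0/24")    # peer's network (documentation range)


def outbound_nat(src, dst, nat_addr=NAT_ADDR):
    """Advanced Outbound NAT rule: traffic from our LAN to the remote network
    is rewritten so its source is nat_addr; anything else is left untouched."""
    if src in LAN_NET and dst in REMOTE_NET:
        return nat_addr, dst
    return src, dst


def matches_selector(src, dst, local_net, remote_net):
    """Phase 2 traffic selector ('IPsec ACL'): a packet is interesting only if
    its source is inside local_net AND its destination is inside remote_net."""
    return src in local_net and dst in remote_net


def would_be_tunnelled(src, dst, local_net, nat_first):
    """Simulate one packet leaving the firewall.

    local_net  - the local network configured on the Phase 2 SA
    nat_first  - True if outbound NAT is applied before the IPsec policy
                 check, False if the policy check sees the un-translated
                 packet (model parameter; the ordering is platform specific)
    """
    s, d = outbound_nat(src, dst) if nat_first else (src, dst)
    return matches_selector(s, d, local_net, REMOTE_NET)


if __name__ == "__main__":
    pkt = (ip_address("192.168.100.10"), ip_address("192.0.2.7"))
    sa = ip_network("10.1.2.50/32")
    print("SA local=/32, NAT first :", would_be_tunnelled(*pkt, sa, True))
    print("SA local=LAN, NAT first :", would_be_tunnelled(*pkt, LAN_NET, True))
    print("SA local=/32, NAT after :", would_be_tunnelled(*pkt, sa, False))
```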