OMG, I am a friggin idiot.  when I copied the rules LAN 1 had, I copied them to the T.  I just needed to change the source from LAN net, to LAN2 net.  im such a moron hah.  Everything is working golden now.

https://doc.pfsense.org/index.php/Connectivity_Troubleshooting [image: crystalball.png] [image: crystalball.png_thumb]

They will configure the sonicwall on there end i just need to make sure that pfsense is routing correctly on my end

I'm not sure I understand your problem. Your switches can ping 8.8.8.8 so indeed they can talk to the outside world. What is what does not work? Regular hosts plugged onto those switches are the ones that can't? Also, why all ports on all switches are set up as trunks? Shouldn't you have at least some access ports where you plug in your hosts?

This is dpinger logging parameters at startup. Nothing to be concerned about.

The Monitor ping seemed to do the trick.  Thank you for all of the help!

Yes. You may also realize that by a VLAN on your existing LAN cable. But if the vpn server has a LAN IP request from vpn clients to LAN devices will be sent directly to the the devices, while the LAN devices will sent their responses to the default gateway. In addition you also need to add a route to the vpn server for the LAN network pointing to pfSense, of course. Another way to resolve that is to add an static route for the vpn tunnel to each LAN device you want have access.

@everyone I would like to thank you all for your advice and it was great advice. I was able to achieve my goal and remove the Cisco switch. @heper's suggestion, I put the /29 network as the WAN address and since I already had the /24 as VIPs, everything worked like a charm.  Thank you for guiding me!  Tomorrow morning, I am heading to my satellite office and putting in another pfsense box with a ipsec site to site vpn. I can now have uniformity between my 2 offices (already got that working in my test lab!  :) ). Thank you all for your help!

When you do a normal MLPPP connection on the router your DSL modems in bridge mode..  ( I used Zoom 5615 and 5715 models which are bridge only) you have an interface for each modem.  The interfaces can be set up with maintenance IP's or left without. Then you set up a PPP      /interfaces_ppps.php    and use the ctrl key as you choose all the interfaces where your modems reside.  Fill in you user name and password. I believe this is what your talking about…    I no longer use this setup as Im on a bonded circuit now at the shop but still have some info around. [image: mlppp.jpg] [image: mlppp.jpg_thumb]

@twinzco: I have solved the issue. You can see a link here: https://forum.pfsense.org/index.php?topic=105644.0 Just modified Data Payload from 0 to 1. And everything works fine! Resolved my issue as well.

No no, forget about routing! You cannot just route from the internet towards a private internal IP. Tracerouting from the WAN interface of pfSense does not make any sense at all, of course it will always try to send it to the internet. I suggest you go back to the drawing board and think carefully what you want to achieve. If you want, make a diagram and post exactly what you want to achieve, I can help you

Use network and put the alias in the network field.

"hat router is connected to an isp that pfSense has no connection to" Well then your kind of screwed.. Can you share routing protocols with that router that is downstream?  If not even if you send traffic to it from pfsense, those clients would just send traffic out the default gateway since it has no route back.  You would have to source nat all your traffic from your downstream to look like its on the transit network.

Yes. You need DNS servers assigned in System > General with assigned gateways. At least one DNS server for each gateway. Then either use the forwarder or use the resolver in forwarding mode. If you use the resolver in forwarding mode you probably want to disable DNSSEC.

@Javik: Apparently to test this, I will need to build a test bench. Set up two spare desktop computers running pfSense, install a bunch of NICs, connect the two together with multiple network cables forced at 10 megabit, and see if MPD can be set up to combine them. That would be absolutely awesome if it could! Ive got two 5 NIC boxes sitting here doing nothing right now other than some RIP and OSPF testing for an upcoming project..  I will see if I can do the same and test this..

For the reader's sake, this is what I ended up doing… On the Production Subnets' firewall: Add an "IP Alias" type Virtual IP on the Subnet B interface, setting the IP address set to an unused IP on that subnet Add a port forward on the Subnet B interface (NOT the WAN interface) from the VIP to the Host Z IP On the Test Subnet firewall: Add an "IP Alias" type Virtual IP on the LAN interface, setting the IP address equal to that of Host Z Add a port forward on the LAN interface (again, NOT the WAN interface) from the Host Z VIP to the upstream firewall's VIP on Subnet B Note that this works only for protocols that are supported by pfSense's NAT-ing capabilities. Since ours was a database connection (TCP 1433), this works just fine.