Note: I believe this should be moved to Routing/MultiWan
I wasn't able to make this work. I made a better diagram:
[image: uctkd.png]
Note the "Desired Configuration" on the image.
I can see connections coming in from the internet on the 30.10.0.2 IP just fine. The Cisco still routes this connection because the IP is on its subnet and it is directly accessible.
But replies will go out through the pfSense because that's the default gateway of the client.
How can I make the pfSense route connections from 30.10.0.x/26 back to the Cisco?
I tried using policy routing with a rule of Source 30.10.0.x/26 -> gateway IP: 192.168.100.1 (dedicated VLAN interface to Cisco) - but, initially, pfSense just dropped the packet and didn't even let it exit the firewall even with a 'pass all' rule. I had my head scratching for a few hours until I tried changing 'keep state' to 'none' on the rule, and I could now see it leave the DMZ interface, but it now gets stuck trying to exit the VLAN interface. The 'none' trick didn't work here, no matter what I tried (pass all, etc), the firewall didn't let the packet go out.
Here's the packet getting stuck on its way out:
[image: Iyjgw.png]
My understanding is that the following needs to happen:
[image: WfKx0.png]
I looked through the pfSense book several times but couldn't find a similar scenario.
Any ideas? Is this even possible or is there a better way?
(I'm still not sure whether the Cisco will allow these packets to go out, they probably wouldn't have any state associated and they would come in on a different interface - the VLAN.)
