Thats right. Haw checked now. I can only assign an IP for the WAN.

@iamthed: I' ve setup pfsense behind the router.. but i found that when im try to ping to router from my lan net the ping isnt normal.. The latency reach 600ms..  but if im pingg to pfsense it shows 1ms.. its totally weird.. can you give me the solution for this.. thx Move your router and put it behind pfS making pfS the router: INTERNET <> MODEM <> pfSense <> Router follow this ignoring the wireless part. BE sure to disable NAT in the router too.

HTTPS certificates, for authentication, are only a protection for the client connecting to your server.  It's their way of knowing that it really is the server they think it is.  Always assuming that the client actually checks the certificate, as the onus is on them. From a server perspective, all you do is offer the certificate, and leave it to the client to decide if they want to continue connecting, or not. Cheers.

Is the IPsec tunnel on pfSense or the Cisco router? If it's on the Cisco, you probably also need to go to Interfaces > WAN and uncheck "block private networks"

Could some also please explain to me if I'm going about the right way for this: I would assign the 1st publically available IP to my WAN interface, then assign the 2nd publically available IPs to the DMZ interface, the assign the remaining IPs to the hosts in the DMZ. I then use the pfsense firewall rules to say what ports are allowed from the WAN to the DMZ. Is that correct? Am I using "bridging"?? Also, in the following document, what does the author mean by "Please also keep in mind that the option WAN address as source or destination will not be the first choice when running pfSense in transparent mode": http://pfsense.trendchiller.com/transparent_firewall.pdf Thanks

That looks perfect, thank you so much!

I re-checked everything. Probably is a switch thing. I use the vlan for VOIP. I tried connecting a laptop on the VLAN and everything worked just fine. Will check the switch. thanks for the help. best regards, -eduardo s.m.

Thank's for the hint, but this was the first thing I looked for. I found my fault, it had nothing to do with pfSense. It was a matter of routing inside the network.

Many Thanks..works like a charm !!

You also need to compare license and maintenance fees. Often the Cisco hardware is capable of a lot more features and functionality than you buy out of the box, but you must pay additional fees to unlock these. With pfSense you get all of the functionality without any of the added fees. (The "Cisco tax" as some people call it.) There are some features that a PIX/ASA has that pfSense doesn't (like IPsec+NAT) and there are many features that pfSense has that a PIX/ASA does not (too many to list here!) You may not be using any of these features, but many of us do. :)

That worked. Thank You.

I'm not sure if it is possible on 1.2.x, but on 2.0 beta you could probably configure WAN as "none" for the address type.

kpa is correct. That is normal traffic from the FTP helper, which is why it was logged.

The only rules that matter to the IPsec tunnel are on the IPsec tab, and there you have an allow all rule. What exactly is it that you are trying to accomplish? You're contradicting yourself saying you want to block all connections and still "see" the remote network. You have to allow something or the far side of that tunnel will never be able to get back into the network behind pfSense. What do you need to be able to do that you can't do with the rules you have?

It is now working!!!! Thank you so much!!!! Pfsense is a great that is why I stuck with it even though it has been difficult for me. I did not study computers in school but I now work in the IT field.

@sopheak: Can you post image to me. because i dont understand Or you could go to "Services|DHCP server", as clearly pointed out by GruensFroeschli ("config page of the DHCP"), and have a look. You should have one tab for each interface apart from WAN.

Hmmm.  Ok, I tried putting the PAP2T on the same LAN as the trixbox server to see if I would have the same problem.  On the same LAN, I don't have any of the issues that I reported in the original post which is good.  So, this problem occurs when the PAP2T is remote in either case (a) where the PAP2T is behind NAT on another network connecting via port forwarding to connect or in case (b) where the PAP2T is on a remote network at the end of a VPN tunnel to another pfsense box.

Well, my apologies. It seems that's re-enable the set up of the LAN does resolve the problem. I had some ethernet cable trouble… Thanks again for your help. ++

Yes weird thing is I saw the packets coming to pfSense and not coming out of another interface. It was happening to only this particular SYN packets with duplicated (already existent states). I'll try to double check but it seems remote side has fixed the issue.