Netgate Discussion Forum

    1 WAN and 2 LANS

    23 Posts 2 Posters 8.4k Views
      GruensFroeschli

      Do the devices on your LAN2 have the pfSense as default gateway?
      If you try to access the internet: do you see anything in the firewall log being blocked on OPT1?

      Can clients on LAN2 resolve names?

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        sfreitag

        Yes, the devices are pointed to LAN2's gateway address.  I am receiving a ton of blocks on LAN2, but I can not seem to find an easy way to export them besides a screenshot to place them on here.

          sfreitag

          Alright, so I still can not get to the internet.  The layout of the network is like so:

          Router --> WAN Port
          192.168.0.XXX network -->  LAN Port
          192.168.10.XXX network -->  LAN2 Port
          LAN Port --> 192.168.0.XXX Switch
          LAN2 Port --> 192.168.10.XXX Switch
          Each switch has a cable going to the domain controller with 2 NICs, so one is configured on the .0 network and one on the .10 network.

          The switches are configured with their own gateway, but I can ping internally everywhere.  I just can not get out on the .10 network.  The .0 network is still running fine.

            sfreitag

            Here is how I have the LAN2 setup, does anyone see this as not the correct way to set this up?

            firewall5.JPG

              GruensFroeschli

              You have your LAN2 bridged with LAN.
              Essentially you made LAN2 = LAN.
              Disable the bridge and it should work.

                sfreitag

                Thank you so much... that worked.  That was changed the other day when we were at the very beginning stage of setting it up by someone else and I had not even looked at that again.  Sorry for so many questions and I appreciate your help very much!

                  sfreitag

                  I have one more small problem that has been discovered today.  I can not access anything through the VPN to the .10 network.  I can get to the firewall through IE  on the .10 network without any problem, but can not get to anything after that.  Everything looks as if it is wide open once you are on the network.  This is an example of a firewall log entry:
                  Nov 18 14:46:36 LAN2 192.168.10.30:3389 192.168.0.20:8701 TCP

                    sfreitag

                    Alright, so this is still going on.  I have rebooted the firewall, and that has resolved some other issues.  The only thing that I still can not do once connected to the VPN, which is routing and remote access on the .0 network, is RDP or anything else to anything on the .10 network.  I can ping everything though, which is odd.  I am confused because if I VPN to any of our other sites, I can connect to anything without any problems.  Therefore it has to be something within the firewall or Routing and Remote Access on the server, but for some reason I lean toward the firewall due to the firewall logs.

                      GruensFroeschli

                      Hmmm.
                      If you click on the icon on the left side in the firewall log, you can see which rule blocked.
                      Did you change your firewall rules since you posted the screenshots?
                      According to your screenshot such a block
                        Nov 18 14:46:36    LAN2    192.168.10.30:3389    192.168.0.20:8701    TCP
                      should not happen.

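An added example, not part of any post in this thread: a small Python parser for log entries in the format quoted above that separates reply packets (source port is the service port, as with 3389 in the quoted entry) from requests. A reply normally passes a stateful filter only by matching existing state for its connection, so a blocked reply is a different finding from a blocked request. The subnet map follows the thread's description; the service-port set and the second and third sample lines are assumptions constructed for this example.

```python
import re
from ipaddress import ip_address, ip_network

# Interface subnets as described in the thread (LAN = .0, LAN2 = .10).
SUBNETS = {"LAN": ip_network("192.168.0.0/24"), "LAN2": ip_network("192.168.10.0/24")}
# Ports treated as the "service side"; this set is an assumption for the example.
SERVICE_PORTS = {22, 53, 80, 443, 445, 3389}

ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

def classify(line):
    """Parse one blocked-packet entry and say which side of the connection sent it."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if sport in SERVICE_PORTS and dport not in SERVICE_PORTS:
        kind = "reply"      # server -> client: needs an existing state entry
    elif dport in SERVICE_PORTS and sport not in SERVICE_PORTS:
        kind = "request"    # client -> server: evaluated against interface rules
    else:
        kind = "unknown"
    net = SUBNETS.get(m["iface"])
    return {
        "iface": m["iface"], "proto": m["proto"], "kind": kind,
        "server": f"{m['src']}:{sport}" if kind == "reply" else f"{m['dst']}:{dport}",
        "src_on_iface_subnet": net is not None and ip_address(m["src"]) in net,
    }

def blocked_replies(lines):
    """Return TCP entries where the firewall dropped return traffic from a service."""
    parsed = (classify(l) for l in lines)
    return [e for e in parsed if e and e["kind"] == "reply" and e["proto"] == "TCP"]

# First line is the entry quoted in the thread; the other two are constructed samples.
SAMPLE = [
    "Nov 18 14:46:36 LAN2 192.168.10.30:3389 192.168.0.20:8701 TCP",
    "Nov 18 14:46:40 LAN2 192.168.10.41:51022 192.168.0.5:445 TCP",
    "Nov 18 14:46:41 LAN 192.168.0.20:8702 192.168.10.30:3389 TCP",
]

if __name__ == "__main__":
    for entry in blocked_replies(SAMPLE):
        print(entry)
```
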
                        sfreitag

                        Alright, so I am still having a small issue with the firewall, and I have spent time with Microsoft on the phone thinking that it is a routing and remote access issue, but they refuse that it can be the problem.  If I VPN into this location, which houses the .0 and .10 network, it gives me a .0 address, but I am not able to get to anything on the .10 network.  If I am in the office and not VPN'd in, I can touch anything.  If I VPN into another site, I can get to anything.  I can ping things on the .10 network though if I VPN into the network and get a .0 IP, but nothing else.  Attached are the most current screenshots.  I understand that some are irrelevant, but this was before my time and I will clean it up in the long run.  I just need this to work.

                        ipsec.JPG
                        lan2.JPG
                        lan.JPG
                        wan.JPG

                          GruensFroeschli

                          What kind of VPN are you using?
                          I'm kinda confused since you say you get IPs from both subnets?
                          Is that a bridged VPN setup?
                          Are you still using a bridge?

                            sfreitag

                            The VPN is just Routing and Remote access that is a Windows Server Role.  I do not physically get two IP addresses when I connect to the VPN, but I can ping both sides by dns or IP.  I get a .0 address, but can not RDP or go to the web portal of anything on the .10 network.  I am not sure what you mean if this is bridged.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.