PFsense and Cisco 2821 ISR
-
I have a network with 7 sub networks. One of them is for VOIP; it had a Cisco 2821 ISR with a PRI card connected to the PSTN.
My current setup is working but I can't get computer on the VOIP subnet to connect to the internet. The computers on the VOIP subnet can connect to all the other subnets just fine.
I have a PFsense firewall/router connecting all the subnets together. I added a Gateway from System > Routing > Gateways
interface: VOIP
Name: CiscoVOIP
Gateway: 10.1.10.254On the VOIP interface
Description: VOIP
Type: Static
IP address: 10.1.10.253/24
Gateway: CiscoVOIP - 10.1.10.254On the status page it list the
CiscoVOIP 10.1.10.254 0.893ms 0.0% OnlineThe setup for the Cisco 2821 ISR is…
interface GigabitEthernet0/1
description PHONES
bandwidth 1000000
ip address 10.1.10.254 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
h323-gateway voip bind srcaddr 10.1.10.254
!
interface Serial0/1/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
isdn calling-number 5555555555
isdn supp-service name calling
no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.10.253
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip pim bidir-enable
ip pim register-source GigabitEthernet0/1When I do a trace route to google.com from the VOIP subnet it gets...
1 10.1.10.254
2 10.1.10.253
3 *
4 *
...
then it gets stuck in what looks like a loop. Any suggestions? -
So if your PFSense box is routing all the traffic, why did you add the Cisco 2821 as a gateway on the PFSense box?
Any chance you can share with us the routing table on your PFSense box? Diagnostics->Routes
Have you double checked your firewall rules to ensure that it isn't being blocked by PFSense?
-
Destination Gateway Flags Refs Use Mtu Netif Expire default 111.111.111.33 UGS 0 620671411 1500 em0 10.0.0.0/24 link#6 U 0 110815359 1500 em5 10.0.0.254 link#6 UHS 0 0 16384 lo0 10.1.0.0/24 link#5 U 0 11290345 1500 em4 10.1.0.254 link#5 UHS 0 0 16384 lo0 10.1.10.0/24 link#4 U 0 5508385 1500 em3 10.1.10.253 link#4 UHS 0 0 16384 lo0 10.1.55.0/24 10.1.55.2 UGS 0 4 1500 ovpns1 10.1.55.1 link#16 UHS 0 0 16384 lo0 10.1.55.2 link#16 UH 0 0 1500 ovpns1 10.1.56.0/24 10.1.56.2 UGS 0 33113 1500 ovpns2 10.1.56.1 link#17 UHS 0 0 16384 lo0 10.1.56.2 link#17 UH 0 0 1500 ovpns2 10.1.57.0/24 10.1.57.2 UGS 0 150 1500 ovpns3 10.1.57.1 link#18 UHS 0 0 16384 lo0 10.1.57.2 link#18 UH 0 0 1500 ovpns3 10.1.251.0/24 link#3 U 0 333920315 1500 em2 10.1.251.5 link#3 UHS 0 0 16384 lo0 10.1.254.0/24 link#2 U 0 11941300 1500 em1 10.1.254.254 link#2 UHS 0 0 16384 lo0 10.200.1.0/24 link#8 U 0 162603 1500 em7 10.200.1.1 link#8 UHS 0 6 16384 lo0 111.111.111.32/28 link#1 U 0 805247 1500 em0 111.111.111.36 link#1 UHS 0 0 16384 lo0 111.111.111.37 link#1 UHS 0 0 16384 lo0 111.111.111.38 link#1 UHS 0 0 16384 lo0 111.111.111.41 link#1 UHS 0 0 16384 lo0 111.111.111.42 link#1 UHS 0 0 16384 lo0 127.0.0.1 link#15 UH 0 3338 16384 lo0 172.16.1.0/24 link#7 U 0 3609759 1500 em6 172.16.1.1 link#7 UHS 0 0 16384 lo0 222.222.222.77 111.111.111.33 UGHS 0 577484408 1500 em0
I have change the public IP address to 111.111.111.* 222.222.222.*
Two weeks ago I moved the routing of the Cisco 2821 ISR onto the PFsense, but I never delete the gateway. I was thinking that is what I needed to do, but I didn't want break the phone system again only to find out that was not the answer. :)The firewall rules on the VOIP network block access to two of the subnets, and allow all other traffic.
I should also add that all the phone and computer on the VOIP network have there gateway set to 10.1.10.254
-
OK I removed the gateway from the VOIP network, and it's routing just fine now, thanks. ;D