VLAN Routing To pfSense - Need Help Please
-
One more update. Added a gateway and a route so that I could to my VLANS. Still can't get out to the internet from them.
Cheers,
Miscue.
-
Put a host on 172.16.20.0/24 on GE9 (Or any other access port on VLAN 20.)
Can it ping 172.16.20.1?
Can it ping 172.16.15.2?
Can it ping 172.16.15.1?
-
Put a host on 172.16.20.0/24 on GE9 (Or any other access port on VLAN 20.)
Can it ping 172.16.20.1? Yes
Can it ping 172.16.15.2? Yes
Can it ping 172.16.15.1? No
Hi Dereict. Thanks for helping out. My answers are above. It's odd that I can get to 172.16.15.2 (Cisco SG300) but not 172.16.15.1 (pfSense). I also confirmed it's just not blocking ICMP as I cannot get to the pfSense webGUI on 172.16.15.1.
I can also ping all the other hosts on 172.16.20.x and other VLANS on the SG 300 (172.16.30.x)
Cheers,
Miscue -
After answering the above question. Should my Interface LAN IP addressing be set to the following to allow for the other subnets?
172.16.15.1/16?
Would changing the IP address allow for the routing of the other subnets? 172.16.15.x, 172.16.20.x, 172.16.30.x?
Screen shot attached of what I currently have in place.
 -
After logged into my older router (Asus Wifi/Router) the LAN IP was set to 172.16.15.1 with a netmask of 255.255.255.0, so I don't think that's the issue.
-
Another quick update: I can get to pfSense from my VLAN20 subnet (172.16.20.x). However, I still can not get to the internet from those subnets.
Added an Any-to-Any firewall rule for testing purposes. Same results though.
Cheers,
Brad
 -
Added an Any-to-Any firewall rule for testing purposes. Same results though.
That rule does not allow DNS (UDP), does not allow ping (ICMP)… Not sure how you are testing.
-
Yeah good call. Saw that. It was the issue. Added all protocols and it fixed the issue.
Now I'm getting odd RDP random disconnects.
-
Fixed the above with the attached screenshot.
 -
Thanks for everyones help. Much appreciated.
