Cisco Router Can't Ping PFSense LAN interface but PFsense can ping both Router Interfaces
-
Dear team, I need some help here. I configured a Cisco router as a gateway for our Internet access and PFSense to control the LAN. I can manage users well and we can access the internet. When in the PFsense DOS I can ping the router and external interface, even other public IPs, but when I log into the Cisco router, I can't ping into the LAN. Any help is welcome ASAP!
-
So out of the box pfsense does nat.. How would you think your upstream router from pfsense would be able to ping a LAN IP behind pfsense? That is something it has no idea how to get to, and it would be blocked by the nat and firewall of pfsense anyway.
You wouldn't even be able to ping pfsense wan IP from your upstream router, unless you allowed it - since out of the box nothing is allowed to the wan IP, or anything behind pfsense, etc.
Along with that, out of the box pfsense blocks rfc1918 to wan.. Which I assume your upstream router for your "internet" is connected to pfsense via rfc1918 address..
-
@johnpoz said in Cisco Router Can't Ping PFSense LAN interface but PFsense can ping both Router Interfaces:
1918 address..
Thanks for the reply. I had already configured the router LAN interface for DHCP, so my PFSENSE picked up the WAN IP automatically, and from the router I can ping the pfsense WAN interface. Could the issue be with the PFSense security I didn't set for external access?
-
Did you disable nat on pfsense?
Why does it matter if your upstream router can ping stuff behind your natting pfsense firewall? Makes no sense that would be required for anything to work?
As to external access in pfsense - no idea what you mean by that? Makes no sense at all.
I can ping the pfsense wan interface.
Then you clearly altered the firewall rules that are out of the box...
-
My issue is, we have a remote office whose users we want to access our server. They have a Cisco router but no PFSENSE. The server is located where I installed pfsense, so they can't connect to the server; they can only reach the PFsense WAN and not the LAN. That's the case, dear.
-
So users vpn into your upstream router...
No, it's still not clear..
Is your pfsense wan IP public, or private (rfc1918)... If pfsense is doing nat and you want to get to stuff behind the nat, then you need to port forward.
Example if you want stuff upstream to get to server 192.168.1.100 behind pfsense on port 443... Then you would port forward that.. And users would hit your pfsense WAN IP..
-
@johnpoz said in Cisco Router Can't Ping PFSense LAN interface but PFsense can ping both Router Interfaces:
then you need to port forward.
Thanks, I will try port forwarding and then give you feedback.
-
I trust you understand that ping won't pass through NAT anyway. Port forwarding only works for TCP & UDP, but ping uses ICMP.
-
@JKnott
Thanks.. I had to re-configure my Cisco Router Interfaces with vlans and access lists then I managed to go through well.
Thanks much
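-
Added example (not part of the original thread, and not pfSense's own code): a simplified Python model of how a NAT-ing pfSense treats new inbound traffic on WAN, using the 192.168.1.100 port 443 forward mentioned above. The evaluation order, the function and class names, and the 10.0.0.x router and WAN addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int = 0   # 0 for ICMP, which has no ports

@dataclass(frozen=True)
class PortForward:
    proto: str
    wan_port: int
    target_ip: str
    target_port: int

def wan_inbound(pkt, wan_ip, forwards=(), block_private=True, pass_rules=()):
    """Return (verdict, reason) for a new connection arriving on WAN."""
    # 1. NAT runs before filtering: a matching port forward rewrites the destination.
    target = None
    for f in forwards:
        if (pkt.dst, pkt.proto, pkt.dport) == (wan_ip, f.proto, f.wan_port):
            target = (f.target_ip, f.target_port)
            break
    # 2. "Block private networks" drops RFC1918 sources, forwarded or not.
    if block_private and any(ipaddress.ip_address(pkt.src) in n for n in RFC1918):
        return "block", "RFC1918 source blocked on WAN"
    # 3. The pass rule created with the port forward admits the rewritten packet.
    if target:
        return "pass", "forwarded to %s:%d" % target
    # 4. Manually added WAN pass rules, modelled as (proto, destination) pairs.
    if (pkt.proto, pkt.dst) in pass_rules:
        return "pass", "explicit WAN rule"
    # 5. Everything else hits the default deny.
    return "block", "default deny on WAN"

# Constructed addresses: upstream router 10.0.0.1, pfSense WAN 10.0.0.2.
ROUTER, WAN = "10.0.0.1", "10.0.0.2"
FWD = [PortForward("tcp", 443, "192.168.1.100", 443)]

if __name__ == "__main__":
    https = Packet(ROUTER, WAN, "tcp", 443)
    print(wan_inbound(Packet(ROUTER, "192.168.1.100", "icmp"), WAN))   # ping a LAN host
    print(wan_inbound(https, WAN, FWD))                                # forward, defaults
    print(wan_inbound(https, WAN, FWD, block_private=False))           # forward, RFC1918 allowed
    print(wan_inbound(Packet(ROUTER, WAN, "icmp"), WAN, FWD, block_private=False))
```

In this model the TCP 443 forward only passes once the RFC1918 block on WAN is turned off, and the ICMP echo to the WAN address still hits the default deny because the forward matches TCP only.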