Cannot using LAN VIP to access control website
-
Hi guys,
I'm a beginner . I installed pfsense HA with all IP below. I have a VM same IP subnet with LAN is 172.16.100.7, I cannot ping LAN VIP. please help me or where I'm wrong. I also wanna access this IP to manage instead of pfsense master to access.
Additionally, I have create 3 VLAN on LAN card and I wanna three of them can access internet. Do I need create NAT outbound for per subnet to WAN VIP ?
Thanks so much to help me.
Pfsense 01
WAN 1: 10.84.100.2
LAN 1: 172.16.100.2
SYNC 1: 192.168.100.2Pfsense 02 :
WAN 2: 10.84.100.3
LAN 2: 172.16.100.3
SYNC 2 :192.168.100.3CARP WAN VIP: 10.84.100.4
LAN VIP:172.16.100.4 -
@tqtuan1512 said in Cannot using LAN VIP to access control website:
I installed pfsense HA with all IP below. I have a VM same IP subnet with LAN is 172.16.100.7,
Are the pfSense machines virtualized as well?
What do you see in Status > CARP on both?
@tqtuan1512 said in Cannot using LAN VIP to access control website:
I cannot ping LAN VIP. please help me or where I'm wrong. I also wanna access this IP to manage instead of pfsense master to access.
Since the CARP VIP is occupied by the master, you always come to the master when using it.
@tqtuan1512 said in Cannot using LAN VIP to access control website:
Do I need create NAT outbound for per subnet to WAN VIP ?
Yes, but not clear what the source network 10.84.3.0/24 is in your setup.
-
@viragomann Yes, both of pfsense are virtual machine. they are hosted on ESXI.
On Pfsense01 , CARP status is master and Pfsense 02 is slave.
10.84.3.0/24 this is subnet of vlan 3. I also vlan 1 (10.84.1.0/24), vlan 2 ( 10.84.2.0/24)
I realized that I have to configure with IP address 172.16.100.4 is default gateway for LAN. But currently I needn't use LAN subnet because I create 3 VLAN which should be used.
I'm wondering that I created VLAN on pfsense master , but it didn't sync configure to slave. After I had to create VLAN on slave. Whether how can create VLAN on master and sync configure themself.
Sorry about my English is not good. I hope you can understand me. -
@tqtuan1512
Interface settings are not synced.
You have to create each of VLANs on both. On each node you need to assign an interface and an IP. Ensure that you do this in the same order on both!
Then add a VIP on the master to each VLAN. -
@viragomann Many thanks, I have a question. Please help me to clarify.
I don't wanna create VIP for IP vlan , but on the master and slave, I will create IP VLAN the same, example : 10.84.3.1 with vlan 3 on both pfsense ?
Additionally, I have fortigate 60D and ESXi server with 4 port NIC teaming ( load balancing) connect to switch 3650 ( all trunk vlan) , both pfsense are installed on this server,
and now I want to pfsense will be default gateway. all traffic out and in are running on 4 port NIC. how can configure it ? Diagrams is:User --> Switch 3650 --> pfsense HA--> Fortigate 60D --> Internet
-
@tqtuan1512
Yes, both pfSense instances need an IP in the VLAN, e.g. master 10.84.3.2, slave 10.84.3.3. After set up that you can add 10.84.3.1 as CARP VIP on the master.@tqtuan1512 said in Cannot using LAN VIP to access control website:
both pfsense are installed on this server
Both pfSense on the same hardware? The benefit of this may be a bit doubtful.
@tqtuan1512 said in Cannot using LAN VIP to access control website:
now I want to pfsense will be default gateway. all traffic out and in are running on 4 port NIC. how can configure it ?
Configure all your VLANs on the pfSense installations and on the switch. Configure your switch to manage your VLANs and the devices to use the pfSense CARP IPs as default gateways.
-
@viragomann Thanks for your reply. Currently, I can't reach CARP IPs, I don't know where I'm wrong, CARP IPs of LAN is 172.16.100.4. I only can ping CARP IPs of WAN 10.84.100.4
and if I create master 10.84.3.2, slave 10.84.3.3 with VLAN 3. After set up that you can add 10.84.3.1 as CARP VIP on the master. I cannot ping as well.