Pfsense VMware cisco



  • Guys.

    I am having a bit of a hard time moving from Smoothwall over to pfSense on my home setup. I am going to try and keep it simple: I have a vSphere 6.5 ESXi host and I also have a 48-port managed Cisco switch. I have multiple VLANs but for the purpose of this post we will keep it to two VLANs.

    On my Cisco switch I have two VLANs. Let's say VLAN10 and VLAN11. Each VLAN with the exception of the ISP has a VLAN IP address assigned and can route between VLANs.

    Servers = VLAN10 = 192.168.1.254
    Computers = VLAN11 = 192.168.2.254
    ISP = VLAN12 = DHCP from ISP

    I have created a trunk port on the Cisco switch which is then also set up on VMware.

    On the VMware side I have a vSwitch which then has a port group for VLAN10 and VLAN11.

    On the pfsense side of things, the IP address is 192.168.1.253

    vmx0 = ISP
    vmx1 = Servers

    I have tried adding vmx2 which is connected to VLAN11 but no dice.

    All computers and equipment have the default gateway of the VLAN they are on. So Servers = 192.168.1.254 and Computers = 192.168.2.254. On the Cisco switch I have the default gateway set as

    ip route 0.0.0.0 0.0.0.0 192.168.1.253

    Now I can get up and running and everything on the Servers VLAN can get out to the internet fine. I guess as pfsense is on the same VLAN as servers and the Cisco default gateway points back to the pfsense.

    If I log on to the console of the pfsense I can ping from the command line all my VLANs. However VLAN11 devices are unable to get out. I have tried routes, rules and everything I can think of but I just can't get out to the internet. Also a device on VLAN11 cannot ping the pfsense server. I must be missing a route or config setting. Any ideas?

    Thanks in advance


  • LAYER 8 Global Moderator

    Huh??  So your cisco is L3 and it's routing?  If so what does pfsense have to do or care about the vlans.. If you're going to use your switch as L3 then pfsense would just be connected to this downstream router via a transit network.

    "On my Cisco switch I have two VLANs. Let's say VLAN10 and VLAN11. Each VLAN with the exception of the ISP has a VLAN IP address assigned and can route between VLANs"



  • Thanks for the reply.

    I am not looking to have pfsense as the default gateway for each of the VLANs. I am just looking to have the VLANs pass through pfsense to get out to the internet.


  • LAYER 8 Global Moderator

    and they would do that via transit network, and pfsense doesn't give 2 shits about the vlans at this point.. You would not create any vlans on the pfsense at all.. You just need the transit network that connects to the downstream L3.

    You would adjust the rules on the interface to allow the downstream networks, and you would adjust your outbound nat for them.  And you would create routes on pfsense so it knows where to send, ie your cisco IP in the transit to get to the downstream networks.
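    The three pieces the moderator lists (a route on pfSense back to the downstream networks via the Cisco's transit IP, a firewall rule on that interface that allows the downstream networks rather than only the interface's own subnet, and outbound NAT that covers them) can be checked with a small model of pfSense's routing and NAT decisions. This is an added illustration, not code from the thread or from pfSense itself; the transit network 192.168.100.0/30, the transit addresses and the ISP gateway label are assumptions chosen for the example, while the 192.168.1.0/24 and 192.168.2.0/24 networks are the ones from the thread.

```python
import ipaddress

# Constructed transit addressing (assumption): pfSense on .1, the L3 Cisco on .2.
TRANSIT_NET = ipaddress.ip_network("192.168.100.0/30")
PFSENSE_TRANSIT_IP = ipaddress.ip_address("192.168.100.1")
CISCO_TRANSIT_IP = ipaddress.ip_address("192.168.100.2")

# Downstream networks routed by the Cisco (from the thread).
DOWNSTREAM = [
    ipaddress.ip_network("192.168.1.0/24"),  # Servers, VLAN10
    ipaddress.ip_network("192.168.2.0/24"),  # Computers, VLAN11
]


def lookup(routes, dst):
    """Longest-prefix match over (network, gateway, interface) tuples.

    Mirrors how pfSense (FreeBSD) picks a route: the most specific
    matching prefix wins, and the default route only catches the rest.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def pfsense_routes(with_static_routes):
    """Route table for the transit design, with or without the static routes."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "isp-gateway", "vmx0"),  # WAN default
        (TRANSIT_NET, None, "vmx1"),  # directly connected transit network
    ]
    if with_static_routes:
        # Static routes pointing at the Cisco's transit IP for each downstream net.
        routes += [(net, str(CISCO_TRANSIT_IP), "vmx1") for net in DOWNSTREAM]
    return routes


def next_hop_for_reply(dst, with_static_routes):
    """Where pfSense sends a packet addressed to a downstream host."""
    net, gw, iface = lookup(pfsense_routes(with_static_routes), dst)
    return (gw or "direct", iface)


def outbound_nat_covers(src, nat_sources):
    """True if an outbound NAT rule matches the source address.

    Automatic outbound NAT only covers pfSense's own interface networks
    (here, the transit network), so downstream networks need their own entries.
    """
    return any(ipaddress.ip_address(src) in n for n in nat_sources)


def rule_allows(src, allowed_sources):
    """True if the transit-interface pass rule matches the source address."""
    return any(ipaddress.ip_address(src) in n for n in allowed_sources)


def check_design(client, with_static_routes, nat_sources, allowed_sources):
    """Return the list of missing pieces for a downstream client reaching the internet."""
    problems = []
    if not rule_allows(client, allowed_sources):
        problems.append("firewall rule on transit interface does not allow client source")
    if not outbound_nat_covers(client, nat_sources):
        problems.append("no outbound NAT rule for client network")
    gw, iface = next_hop_for_reply(client, with_static_routes)
    if iface != "vmx1":
        problems.append(f"reply to {client} leaves via {iface} ({gw}), not the Cisco")
    return problems


if __name__ == "__main__":
    vlan11_client = "192.168.2.10"
    # Only the defaults: transit net allowed, automatic NAT, no static routes.
    print(check_design(vlan11_client, False, [TRANSIT_NET], [TRANSIT_NET]))
    # All three pieces from the moderator's reply in place.
    print(check_design(vlan11_client, True, [TRANSIT_NET] + DOWNSTREAM,
                       [TRANSIT_NET] + DOWNSTREAM))
```

With only the defaults, the model reports all three gaps; the reply to a VLAN11 host would follow the default route out the WAN interface, which is consistent with the symptom in the first post where VLAN11 hosts cannot even ping pfSense. Once the static routes, the widened pass rule and the extra outbound NAT entries are present, the list is empty.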



  • Thanks. Your tone has been most helpful in helping me with this issue.  >:(


  • LAYER 8 Global Moderator

    Tone?  How exactly did you hear tone?  Do you have something reading the text to you?  You should adjust it to happy go lucky tone then.. Sounds like you have it configured wrong if you perceived anything but wanting to help you..

    Adjust it more to a Bob Marley sounding, if you have it set for say Samuel L. Jackson screaming about snakes or something ;)

