I have been trying to figure this out for days now ….
Here's the setup:
2 networks (production and virtual) w/ 2 pfSense boxes (prod = 1.2 & virt = 1.3/2.0) as their GW to the internet.
2 ISP connections w/ static addressing.
1 router in between the 2 networks [tried Cisco & Vyatta] (no default route, just statics that point to the pfSense boxes for the connected networks).
2 hosts on each network (host V1-win32, V2-*NIX on the virtual network & hosts P1-win32, P2-*NIX on the production network).
So .. now the issue:
I have been able to (when the virtual pfSense box was 1.2) point all traffic on either network to the GW (pfSense) and then add static routes to either pfSense box for the other network (prod or virt) via the "common router" (Cisco or Vyatta) and communicate with no issues.
I have since been testing on the virt network w/ 1.3/2.0 and am no longer able to route reflectively. I tried downgrading the 1.3/2.0 box to a 1.2.1 release and noticed the same results.
I see traffic entering the network via the intermediate router ... from the prod network going in the prod > virt direction, but it never gets reflected back out to the prod network.
From the virt network ... I see no traffic going to the prod network at all (again via the intermediate router).
I'm wondering if there is a known reason why reflective routing is borked on the "newest" pfSense releases, as it worked seamlessly on the older stable 1.2 release???
I know this may be tough to follow, and I HAVE provided a picture if it helps ... ANYONE!!!