NAT or Rule problem



  • Hi all!

    I have the following settings:

    --192.168.3.0/24-- LAN -| pfSense |- WAN --------------------------------------|        |--> External IP 1 (82.192.53.x via DHCP from ISP cable modem)
                            |         |- OPT1 --192.168.1.0/24--| Cisco PIX VPN |--| Switch |--> External IP 2 (82.192.53.x via DHCP from ISP cable modem)
    NAT on pfSense (Outbound)
    Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    OPT1       192.168.3.0/24  *            *            *                 *            *         NO           PIX
    WAN        192.168.3.0/24  *            *            *                 *            *         NO           Auto created rule for LAN

    Rules on pfSense (LAN)
    Proto  Source   Port  Destination    Port  Gateway  Schedule  Description
    TCP    LAN net  *     193.178.175.1  *     OPT1               VPN Comp 1
    TCP    LAN net  *     193.178.175.2  *     OPT1               VPN Comp 2
    *      LAN net  *     *              *     *                  Local LAN

    What I want to achieve with this setup is that some traffic from LAN going to the 193.178.175.0/30 subnet must go through the OPT1 interface, and all other traffic through WAN to the Internet. On pfSense I have enabled the DHCP server only on LAN.

    The problem I have now is that if pfSense boots before the PIX, pfSense receives a DHCP request from the PIX external interface on its LAN interface, and pfSense answers that DHCP request with an internal IP 192.168.3.x. This results in the VPN being down...

    I'm quite sure that I have set something wrong on pfSense, but when I look here for a solution I mostly get Load Balancer how-tos, and I don't want that here because I have rule-based routing.

    I will be very thankful if you have any suggestion about this problem.
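    As an added example (not code from the original post or from pfSense itself), the Python below evaluates a flow against the LAN rule table above using pfSense's top-down, first-match semantics, and then lists which flows to the VPN hosts would not be policy-routed via OPT1. The source address 192.168.3.10 and the function names are constructed for illustration; the check matters because the two OPT1 rules match TCP only, so UDP and ICMP to 193.178.175.1/.2 fall through to the "Local LAN" rule and the default (WAN) route.

```python
import ipaddress
from dataclasses import dataclass

# Rule table transcribed from the LAN rules in the post (constructed data).
# pfSense evaluates rules top-down; the first match wins. A rule whose
# Gateway is "*" sends the flow along the system default route (WAN here).
LAN_NET = ipaddress.ip_network("192.168.3.0/24")


@dataclass
class Rule:
    proto: str                    # "tcp", "udp", "icmp" or "*" (any)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    gateway: str                  # "OPT1" = policy route, "*" = default route
    description: str


LAN_RULES = [
    Rule("tcp", LAN_NET, ipaddress.ip_network("193.178.175.1/32"), "OPT1", "VPN Comp 1"),
    Rule("tcp", LAN_NET, ipaddress.ip_network("193.178.175.2/32"), "OPT1", "VPN Comp 2"),
    Rule("*",   LAN_NET, ipaddress.ip_network("0.0.0.0/0"),        "*",    "Local LAN"),
]


def route_for(proto, src, dst, rules=LAN_RULES):
    """Return (gateway, description) of the first matching rule, or None if no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto != "*" and r.proto != proto.lower():
            continue
        if s in r.src and d in r.dst:
            gw = "default(WAN)" if r.gateway == "*" else r.gateway
            return (gw, r.description)
    return None  # implicit default deny when nothing matches


def leaks_to_wan(vpn_net="193.178.175.0/30", protos=("tcp", "udp", "icmp"), src="192.168.3.10"):
    """List (proto, host) flows to the VPN subnet that are NOT sent via OPT1."""
    leaks = []
    for host in ipaddress.ip_network(vpn_net).hosts():
        for p in protos:
            res = route_for(p, src, str(host))
            if res is None or res[0] != "OPT1":
                leaks.append((p, str(host)))
    return leaks


if __name__ == "__main__":
    print(route_for("tcp", "192.168.3.10", "193.178.175.1"))
    print(leaks_to_wan())
```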



  • Can you tell me where 193.178.175.0/30 is? Because from your scheme OPT1 has 192.168.1.0/24.



  • @ginosteel:

    Can you tell me where 193.178.175.0/30 is? Because from your scheme OPT1 has 192.168.1.0/24.

    Thank you for the reply and your time. The 193.178.175.0/30 network is the VPN network on the other side of the VPN tunnel. OPT1 gets its IP from the Cisco PIX and it is in 192.168.1.0/24.

    For better understanding: if I connect the Cisco to a normal computer with only one interface, I get IP 192.168.1.1 from the Cisco PIX and I can connect only to the 193.178.175.1 and 193.178.175.2 computers on the other side of the Cisco VPN tunnel. But on this normal computer I need Internet too.



  • As you posted, it seems that in the LAN rules you allow only:
    TCP    LAN net  *  193.178.175.1  *  OPT1  VPN Comp 1
    TCP    LAN net  *  193.178.175.2  *  OPT1  VPN Comp 2

    Try to add a new rule based on your needs for the third comp.



  • @ginosteel:

    As you posted, it seems that in the LAN rules you allow only:
    TCP    LAN net  *  193.178.175.1  *  OPT1  VPN Comp 1
    TCP    LAN net  *  193.178.175.2  *  OPT1  VPN Comp 2

    Try to add a new rule based on your needs for the third comp.

    There is no third comp on the other side of the VPN, only two exist. My problem is that the Cisco external interface somehow gets an IP from pfSense's LAN interface and I don't know how this is possible. This mostly happens when I boot pfSense before the Cisco, and when this happens the Cisco of course can't establish the VPN connection. If the boot order is right then everything works OK and any computer behind pfSense (on LAN) has access to the 193.178.175.0 network and the Internet…

