NAT or Rule problem
-
Hi all!
I have the following settings:
                          |---------|- WAN --------------------------------------|--------|--> (External IP 1 (82.192.53.x) via DHCP, ISP cable modem)
 --192.168.3.0/24-- LAN --| pfSense |                                            | Switch |
                          |---------|- OPT1 --192.168.1.0/24--| Cisco PIX VPN |--|--------|--> (External IP 2 (82.192.53.x) via DHCP, ISP cable modem)
NAT on pfSense (Outbound)
Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
OPT1       192.168.3.0/24  *            *            *                 *            *         NO           PIX
WAN        192.168.3.0/24  *            *            *                 *            *         NO           Auto created rule for LAN

Rules on pfSense (LAN)
Proto  Source   Port  Destination    Port  Gateway  Schedule  Description
TCP    LAN net  *     193.178.175.1  *     OPT1               VPN Comp 1
TCP    LAN net  *     193.178.175.2  *     OPT1               VPN Comp 2
*      LAN net  *     *              *     *                  Local LAN

What I want to achieve with this setup is that some traffic from the LAN going to the 193.178.175.0/30 subnet must go through the OPT1 interface, and all other traffic through WAN to the Internet. On pfSense I have enabled the DHCP server only on LAN.
I now have the problem that if pfSense boots before the PIX, I get a DHCP request from the PIX external interface on the pfSense LAN interface, and pfSense answers the DHCP request with an internal IP 192.168.3.x. This results in the VPN being down...
I'm very sure that I have set something wrong on pfSense, but when I looked here for a solution I mostly found Load Balancer how-tos, which I don't want here because I have rule-based routing.
I will be very thankful for any suggestion about this problem.
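As an added example (not part of the original post or of pfSense itself), here is a small Python model of how pfSense evaluates the LAN rules listed above: top to bottom, first match wins, and a matching rule whose Gateway is set policy-routes the connection out that gateway, while Gateway "*" uses the default route (WAN in this setup). The `Rule` class, `select_gateway` function, the `LAN_RULES_ANY_PROTO` variant and the sample source address 192.168.3.10 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical model (added example, not from the post) of pfSense interface
# rule evaluation: top to bottom, first match wins. A matching rule with a
# gateway set policy-routes the traffic out that gateway; a gateway of "*"
# means "use the system default route", which in the setup above is WAN.
# Traffic that matches no rule hits pfSense's implicit default deny.

LAN_NET = ipaddress.ip_network("192.168.3.0/24")   # LAN subnet from the post
DEFAULT_GATEWAY = "WAN"                            # default route in the post


@dataclass(frozen=True)
class Rule:
    proto: str      # "TCP", "UDP", "ICMP" or "*" for any protocol
    src: str        # "LAN net" (the LAN subnet) or "*" for any source
    dst: str        # host IP, CIDR, or "*" for any destination
    gateway: str    # "OPT1", "WAN", or "*" for the default route
    desc: str

    def matches(self, proto: str, src_ip: str, dst_ip: str) -> bool:
        if self.proto != "*" and self.proto != proto:
            return False
        if self.src == "LAN net" and ipaddress.ip_address(src_ip) not in LAN_NET:
            return False
        if self.dst != "*":
            dst_net = ipaddress.ip_network(self.dst, strict=False)
            if ipaddress.ip_address(dst_ip) not in dst_net:
                return False
        return True


# The three LAN rules exactly as posted, in evaluation order.
LAN_RULES = [
    Rule("TCP", "LAN net", "193.178.175.1", "OPT1", "VPN Comp 1"),
    Rule("TCP", "LAN net", "193.178.175.2", "OPT1", "VPN Comp 2"),
    Rule("*",   "LAN net", "*",             "*",    "Local LAN"),
]

# Same intent written protocol-agnostic, so ICMP/UDP to the VPN hosts is
# policy-routed too (a hypothetical alternative, not something the post used).
LAN_RULES_ANY_PROTO = [
    Rule("*", "LAN net", "193.178.175.0/30", "OPT1", "VPN subnet"),
    Rule("*", "LAN net", "*",                "*",    "Local LAN"),
]


def select_gateway(proto: str, src_ip: str, dst_ip: str,
                   rules=LAN_RULES) -> Tuple[str, Optional[str]]:
    """Return (gateway, matching rule description) for a new connection,
    or ("DROP", None) if no rule matches (default deny)."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip):
            gw = DEFAULT_GATEWAY if rule.gateway == "*" else rule.gateway
            return gw, rule.desc
    return "DROP", None


if __name__ == "__main__":
    for proto, dst in [("TCP", "193.178.175.1"), ("ICMP", "193.178.175.1"),
                       ("TCP", "8.8.8.8")]:
        print(proto, dst, select_gateway(proto, "192.168.3.10", dst))
```

Running it shows the one thing the rule table hides: because the two VPN rules match TCP only, a ping or any UDP packet to 193.178.175.1 falls through to the "Local LAN" rule and leaves via WAN, which is worth remembering when testing the tunnel with ping from a LAN host.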
-
Can you tell me where 193.178.175.0/30 is? Because from your scheme OPT1 has 192.168.1.0/24.
-
Can you tell me where 193.178.175.0/30 is? Because from your scheme OPT1 has 192.168.1.0/24.
Thank you for your reply and time. The 193.178.175.0/30 network is the VPN network on the other side of the VPN tunnel. OPT1 gets its IP from the Cisco PIX, and it is 192.168.1.0/24.
For better understanding: if I connect the Cisco to a normal computer with only one interface, I will get IP 192.168.1.1 from the Cisco PIX and I could connect only to the 193.178.175.1 and 193.178.175.2 computers on the other side of the Cisco VPN tunnel. But on this normal computer I need Internet too.
-
As you posted, it seems that in the LAN rules you only allow:
TCP LAN net * 193.178.175.1 * OPT1 VPN Comp 1
TCP LAN net * 193.178.175.2 * OPT1 VPN Comp 2
Try to add a new rule based on your needs for the third comp.
-
As you posted, it seems that in the LAN rules you only allow:
TCP LAN net * 193.178.175.1 * OPT1 VPN Comp 1
TCP LAN net * 193.178.175.2 * OPT1 VPN Comp 2
Try to add a new rule based on your needs for the third comp.
There is no third comp on the other side of the VPN, only two exist. My problem is that the Cisco external interface somehow gets an IP from pfSense from the LAN interface and I don't know how this is possible. This mostly happens when I boot pfSense before the Cisco, and when this happens the Cisco of course can't establish the VPN connection. If the boot order is right then all works OK and any computer behind pfSense (on LAN) has access to the 193.178.175.0 network and the Internet…