[SOLVED] Changed LAN now have Firewall TCP:SA issues

  • Hello all, already followed all the troubleshooting steps I found at https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules and the problem still exists so I am hoping someone here can help.

    I recently went into Interfaces > LAN1 and changed the CIDR notation from 24 to 23 in order to double the number of IP addresses on LAN1. I did not change the static IPv4 address for LAN1 which remains at

    I then went to Services > DHCP Server > LAN1 and changed the range from to to instead be to I confirmed that the Subnet is now, Subnet mask is now, and available range now shows -

    I then went to Firewall > NAT > Outbound and updated each mapping pertaining to source so that source was now

    All clients having an IP address between - work as expected; however, any client using an address received via DHCP in the new range of - cannot access any of the clients in the original network range of -

    Here is what appears in the firewall log:
    Mar 9 12:31:12 LAN1 TCP:SA
    Mar 9 12:31:12 LAN1 TCP:SA

    Since the steps to fix TCP:SA issues listed on the above website did not work, does anyone have any ideas what I did wrong and how to fix it? My only goal is to increase the range of IP addresses available on our LAN.

    Thanks in advance!

  • Never mind everybody.

    This was just bad luck of the draw on my part. Had I tried connecting to any one of our other servers instead of always testing to the same one (i.e.,, I would have figured it out sooner.

    The system that I was trying to connect to (i.e., simply wasn't updating its network configuration. It still believed the old subnet mask was instead of A complete restart fixed it and I am not having problems connecting to any of our other servers as they all know the updated network details.
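
The failure described in this thread, modelled as an added example that is not part of the original posts: a server still holding the old /24 mask answers a new-range client through the gateway, so the firewall sees a SYN-ACK with no matching SYN. All addresses and the names `next_hop`, `check_pair` and `stale_hosts` are constructed for illustration, since the thread's real values are not shown.

```python
import ipaddress

def next_hop(host_if, dst_ip, gateway):
    """Where a host sends a packet for dst_ip: 'direct' (on-link) or its gateway."""
    net = ipaddress.ip_interface(host_if).network
    return "direct" if ipaddress.ip_address(dst_ip) in net else gateway

def check_pair(client_if, server_if, gateway):
    """Compare the SYN path (client -> server) with the SYN-ACK path back."""
    client_ip = str(ipaddress.ip_interface(client_if).ip)
    server_ip = str(ipaddress.ip_interface(server_if).ip)
    syn = next_hop(client_if, server_ip, gateway)
    syn_ack = next_hop(server_if, client_ip, gateway)
    # A SYN-ACK that reaches the firewall without its SYN matches no state
    # entry, which is what a blocked TCP:SA log line records.
    return {"syn": syn, "syn_ack": syn_ack,
            "firewall_sees_only_sa": syn == "direct" and syn_ack != "direct"}

def stale_hosts(expected_net, inventory):
    """Names of hosts whose configured prefix differs from the LAN's."""
    expected = ipaddress.ip_network(expected_net)
    return [name for name, cidr in inventory.items()
            if ipaddress.ip_interface(cidr).network != expected]

# Constructed sample values (assumptions, not taken from the thread).
GATEWAY = "10.0.0.1"
LAN = "10.0.0.0/23"
INVENTORY = {
    "client-new-range": "10.0.1.50/23",   # DHCP lease in the added half
    "server-ok": "10.0.0.30/23",          # picked up the new mask
    "server-stale": "10.0.0.20/24",       # still using the old mask
}

if __name__ == "__main__":
    client = INVENTORY["client-new-range"]
    print(check_pair(client, INVENTORY["server-stale"], GATEWAY))
    print(check_pair(client, INVENTORY["server-ok"], GATEWAY))
    print(stale_hosts(LAN, INVENTORY))
```

Feeding `stale_hosts` the prefix each host actually reports after a subnet change lists the machines that still need their network configuration refreshed.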

