pfSense device installation into network with existing CISCO router/modem



  • Hi, I'm a newbie at this … and let me know if this is the wrong part of the forum to be posting this.

    Currently, I've got a CISCO 877 Router which does NAT for the network. Am not a wizard with CISCO stuff and bought it for its stability which proved well up to now.

    I've just got pfSense installed and want this to be the main device doing all NAT etc. as it's easier for us to maintain it.

    Which means, one of the NICs' IP addresses would be a public one. And because it doesn't have an ADSL modem in it, I assume the CISCO can and will still play a part in being the ADSL Modem. (BTW, is there an ADSL Modem only in the market?)

    Question is on the migration and placement of the firewall device in.

    Would it be just a matter of turning the CISCO's NAT off, meaning deleting the records one by one and saving it to the running config? Then configuring the NIC of the firewall with the external addresses? Obviously, the new firewall will have to be configured to route things correctly.

    Also, how would I be able to access the CISCO via the SDM from then on? I've got 4 ports which are internal IP addresses (some of them separate internal IP addresses). Would these 4 ports be no longer active? Would the traffic be just thrown back to the new Firewall? And would these 4 ports have some sort of public IP?

    Any advice here? I hope I'm making myself clear. Please see attached sketch diagram. Apologies for the handwritten one.

    Would like to know these things before I do something irreversible.



  • Are you able to get an ADSL modem from your service provider? Doing away with the Cisco altogether would probably be the easiest.



  • I agree with cal_j here.

    There is much more to it than just deleting a few rules. Since you're not too familiar with Cisco, I'd see if your ISP can provide a modem for you. If you have connectivity issues with the DSL line down the road, it will be easier for them to troubleshoot as well. ISPs love to point the finger at someone else's hardware… especially with DSL lines. Otherwise, I'm sure you can find a new modem for not too much money... of course there is always eBay as well. If you go this route, find out which modem your ISP likes best. Some devices play together better than others.

