Netgate Discussion Forum

    Replace dual wan ISA SERVER with Pfsense

    General pfSense Questions
    3 Posts 3 Posters 5.1k Views
      rt_rex

      I have an ISA Server I need to replace.
      This ISA has two ADSL lines: one is for internet, the other is a VPN to another site.
      I also have Outlook Web Access behind it.
      I need to have an idea of the problems I may find, because this is a critical device.
      Let's assume I have this setup running on my ISA.

      ISA NICS:
      LAN:10.10.10.250/24
      WAN:192.168.2/24
      VPN:10.3.1.1/24

      Internet ADSL Router ---WAN-|||| ISA ||||-VPN--VPN ADSL Router---------Company X
                                        ||
                                       LAN
                                        |
                            OWA (Outlook Web Access)

      If I want to have all the services running but with pfSense, is there any special need for Outlook Web Access or the VPN?
      If I bridge the VPN NIC with the LAN, will it work?
      How can I tell pfSense that all requests to the VPN network must use the VPN NIC as gateway?

      Don't try this @home, go outside!
      WIFI Link @ 76 km
      Pfsense with 3G USB

        bunny

        Yes, it can be done, and done easily. You're looking at a dual WAN and single LAN setup. Then you're looking to set up VPN and anything else you want/need as well. pfSense supports IPsec, OpenVPN, and PPTP out of the box, but since it is FreeBSD you could go into terminal and install anything you want. You can also set up the dual WAN to do load balancing if you want (or not, completely up to you), and all VPN software requires a server address as far as I know, so you have to tell it which WAN to listen to. This solves the setting up which LAN for VPN issue. Also, the default with pfSense is that VPN auto punches a hole through the firewall (so no need to set up NAT for it), and it auto bridges to the LAN if you set up your VPN IP range the same as the LAN interface (your OWA), so you do not have to worry about setting up a bridge. For example: the OWA IP is 192.168.1.10 and your VPN range is 192.168.1.100 to 192.168.1.115, then the VPN users will be able to connect to the OWA.

        It really is a simple setup. The hardest part is setting up the VPN imho, but maybe that is because I hardly know the first thing about them.

          Supermule

          ISA is capable of running Layer 7 inspection, and is very good at it.

          pfSense does not yet, and I still use ISA2006 for traffic inspection and delivery to the server farm... L7 is the one thing I miss in pfSense, and the reason for ISA not being replaced.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.