Netgate Discussion Forum

    CISCO Router Config

      Vinibo1

      Can anyone help with setting up pfSense? This is my config from a Cisco router; I want to move to pfSense as my router.

      interface GigabitEthernet0/0
      description CONNECTION TO SERVER SWITCH
      no ip address
      duplex full
      speed 1000
      media-type rj45
      no cdp enable
      no mop enabled
      !
      interface GigabitEthernet0/0.10
      description SERVER SWITCH 0/24
      encapsulation dot1Q 10
      ip address 192.168.0.254 255.255.255.0
      ip nat inside
      ip virtual-reassembly in
      !
      interface GigabitEthernet0/1
      description CONNECTION TO SERVICE PROVIDER
      no ip address
      duplex full
      speed 1000
      media-type rj45
      no cdp enable
      !
      interface GigabitEthernet0/1.100
      description INTERNET
      encapsulation dot1Q 100
      ip address 200.200.200.2 255.255.255.252
      ip nat outside
      ip inspect fwout out
      ip virtual-reassembly in
      no cdp enable
      !
      interface GigabitEthernet1/0
      description CONNECTION TO SWITCH
      no ip address
      negotiation auto
      no cdp enable
      !
      interface GigabitEthernet1/0.20
      description OFFICE SWITCH 0/24
      encapsulation dot1Q 20
      ip address 192.168.1.254 255.255.255.0
      ip nat inside
      ip virtual-reassembly in
      !
      ip forward-protocol nd
      !
      !
      no ip http server
      ip http secure-server
      ip nat inside source list 5 interface GigabitEthernet0/1.100 overload
      ip nat inside source static 192.168.0.3 200.200.200.57
      ip nat inside source static 192.168.0.4 200.200.200.58
      ip nat inside source static 192.168.0.5 200.200.200.59
      ip nat inside source static 192.168.0.6 200.200.200.60
      ip nat inside source static 192.168.0.7 200.200.200.61
      ip nat inside source static 192.168.0.8 200.200.200.62
      ip nat inside source static 192.168.0.9 200.200.200.63
      ip nat inside source static 192.168.0.10 200.200.150.32
      ip nat inside source static 192.168.0.11 200.200.150.33
      ip nat inside source static 192.168.0.12 200.200.150.34
      ip nat inside source static 192.168.0.13 200.200.150.35
      ip nat inside source static 192.168.0.14 200.200.150.36
      ip nat inside source static 192.168.0.15 200.200.150.37
      ip nat inside source static 192.168.0.16 200.200.150.38
      ip nat inside source static 192.168.0.18 200.200.150.39
      ip route 0.0.0.0 0.0.0.0 200.200.150.1
      ip route 192.168.2.0 255.255.255.0 10.10.10.2

      access-list 5 remark INSIDE
      access-list 5 permit 192.168.0.0 0.0.255.255
      access-list 5 remark INSIDE

        JonathanLee

        A lot of pfSense is GUI-based, so you would need to go line by line and configure it in pfSense. Your config is not that big, so it shouldn't be that big of an issue to migrate over. Good luck; if needed, you can also have pfSense TAC help you.

        Make sure to upvote

          Vinibo1

          OK, I've started to go through it. I was getting confused on how to do NAT. Also, because I have a bunch of external IP addresses, I wasn't sure how to put those in (I think they go in virtual IP addresses), and I think I need to do 1:1 NAT. Some of these external addresses go to web servers and mail servers.

          So I guess instead of 1:1 NAT, I could do port forwards and only forward the ports necessary instead. Or 1:1 and then apply firewall rules to allow only certain ports. Not sure which way would be better.

          Thanks

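Added example, not part of the original posts: a Python sketch that reads the sub-interface and static NAT lines of the Cisco config in the first post and lists each internal/external pair with its inside VLAN, flagging external addresses that fall outside the WAN interface's own subnet (200.200.200.0/30 in that config). The function names and row fields are assumptions made for this example; the result is a worksheet to re-enter by hand, not a pfSense import format.

```python
import ipaddress
import re

# Excerpt of the IOS config from the first post, trimmed to the lines parsed here.
CISCO_CONFIG = """\
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 200.200.200.2 255.255.255.252
 ip nat outside
!
ip nat inside source static 192.168.0.3 200.200.200.57
ip nat inside source static 192.168.0.10 200.200.150.32
"""

def parse(config):
    """Return (interfaces, static_nat) from IOS config text."""
    interfaces, static_nat, cur = [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            interfaces.append(cur := {"vlan": None, "net": None, "nat": None})
        elif line == "!":
            cur = None  # end of the interface stanza
        elif cur and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            cur["vlan"] = int(m.group(1))
        elif cur and (m := re.match(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m.group(1)
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            static_nat.append(tuple(map(ipaddress.ip_address, m.groups())))
    return interfaces, static_nat

def worksheet(config):
    """One row per static NAT entry, for re-entering by hand in pfSense."""
    interfaces, static_nat = parse(config)
    wan = next(i for i in interfaces if i["nat"] == "outside")
    inside_ifs = [i for i in interfaces if i["nat"] == "inside"]
    rows = []
    for internal, external in static_nat:
        lan = next((i for i in inside_ifs if internal in i["net"].network), None)
        rows.append({"internal": str(internal), "external": str(external),
                     "lan_vlan": lan["vlan"] if lan else None,
                     "external_in_wan_subnet": external in wan["net"].network})
    return rows
```

Every static mapping in the posted config comes back with `external_in_wan_subnet` set to `False`, so how the provider delivers those addresses is worth confirming before defining them in pfSense.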
            JKnott @Vinibo1

            @Vinibo1

            Why not state the requirements, instead of posting the Cisco config? I see you have NAT and VLANs and some addresses. Also, what about IPv6? A lot of ISPs are providing that these days.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.