Is this possible? CIDR with Netgear and pfSense boxen?



  • Anyone done CIDR with Netgear and pfSense boxen?

    I'm wondering if this is possible

    I have a site that has 2 pfSense routers, each with 3 ports; one of those routers also connects to our remote sites via IPsec / Netgear routers.
    Our current setup is as follows.
    It works (kind of), but I think I have a better way of doing this and would like to avoid 2 routers on the 192.168.53.0 subnet.

    
    Current setup
    __________________________________________________________________________________
    Pfsense1                        Pfsense2                           Remote sites (via Netgear firewalls)
    Internet connection             Internet connection
                                    ipsec 192.168.51.0 --------------> 192.168.51.1
                                    ipsec 192.168.52.0 --------------> 192.168.52.1
    192.168.53.1      Switch        192.168.53.254
    192.168.99.1                    spare slot
    __________________________________________________________________________________
    Possible new setup
    __________________________________________________________________________________
    Pfsense1                        Pfsense2                           Remote sites (via Netgear firewalls)
    Internet connection             Internet connection
                                    ipsec 192.168.51.0 --------------> 192.168.51.1
                                    ipsec 192.168.52.0 --------------> 192.168.52.1
                                    192.168.99.1
    192.168.56.1 <-- Link the routers --> 192.168.56.2

    192.168.53.1
         |
         |
       Switch
    __________________________________________________________________________________
    
    

    I know I can get traffic from 192.168.99.1 to 192.168.53.0 via static routes.

    The pfSense book (which I must add is fantastic!) says that I can route multiple subnets over IPsec (page 231): I can either use parallel IPsec tunnels or CIDR summarization.

    The important thing is that all subnets can access the 192.168.53.0 domain that resides on the switch, and that all devices on the switch can access the external subnets. I don't at this point need routing between all subnets; it's just important that everyone can reach 192.168.53.0 and that 192.168.53.0 can reach everyone else.

    If I use a 192.168.51.0/16 approach to things, I get the following from
    http://bonomo.info/coyote/cidr-calculator.php

    Usable IPs = 192.168.0.1 to 192.168.255.254 for 65534
    Broadcast = 192.168.255.255
      Netmask = 255.255.0.0

    My questions are:
    1. Would this work across the 2 routers? (For example, would 192.168.51.1 be able to ping something off the switch via 192.168.56.0 to 192.168.53.0?)
    2. Currently the subnet masks on the Netgears and the pfSense box are /24. Would they all need to be changed to 255.255.0.0 (both Netgear and pfSense)?
    3. I'm assuming I would need static routes on the Pfsense1 box pointing back to the 192.168.51.0 and 192.168.52.0 networks?
    4. I'm also assuming I'd need static routes on the Pfsense2 machine pointing to the 192.168.53.0 network (via 192.168.56.0).

    Or have I got it completely wrong?

    Many Thanks in advance

    Steve
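The summarization question above, worked through as an added example (not code from the post or from pfSense): compute the smallest single prefix that covers the two remote /24s, then check which of the local subnets also fall inside that prefix, since a summarized route or IPsec phase 2 selector claims everything in the range, not only the subnets it was meant for. The subnet numbers are the ones in the post; treating each as a /24 is an assumption taken from the post's statement that the masks are /24.

```python
import ipaddress

# Subnets taken from the post (each assumed to be a /24, as the post states).
REMOTE_SITES = ["192.168.51.0/24", "192.168.52.0/24"]   # behind the Netgears
LOCAL_NETS = ["192.168.53.0/24", "192.168.56.0/24", "192.168.99.0/24"]


def summary_route(cidrs):
    """Smallest single prefix that contains every network in cidrs.

    This is what CIDR summarization means for a route or an IPsec
    phase 2 selector: one entry instead of one per subnet.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    # Start from a host route on the lowest address and widen the mask
    # one bit at a time until the highest address is covered as well.
    candidate = ipaddress.ip_network(str(first))
    while candidate.broadcast_address < last:
        candidate = candidate.supernet()
    return candidate


def swallowed_by(summary, others):
    """Networks in `others` that overlap `summary`.

    Any local subnet returned here matches a route or selector built
    from `summary`, so its traffic is steered toward the tunnel unless
    a more specific route or selector takes precedence.
    """
    s = ipaddress.ip_network(summary, strict=False)
    return [o for o in others if s.overlaps(ipaddress.ip_network(o, strict=False))]


if __name__ == "__main__":
    s = summary_route(REMOTE_SITES)
    print(f"Smallest summary for the remote sites: {s}")               # 192.168.48.0/21
    print(f"Local subnets inside it: {swallowed_by(s, LOCAL_NETS)}")   # ['192.168.53.0/24']
    print(f"Local subnets inside /16: {swallowed_by('192.168.0.0/16', LOCAL_NETS)}")
```

Even the tightest summary of the two remote sites (192.168.48.0/21) already contains the local 192.168.53.0/24, and the /16 from the post contains every local subnet; the numbers alone show why summarization needs to be checked against the local ranges before it is configured.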



  • Anyone?

