Is this possible? CIDR with Netgear and pfSense boxen?
-
Anyone done CIDR with Netgear and pfSense boxen?
I'm wondering if this is possible
I have a site that has 2 pfSense routers, each with 3 ports. One of those routers also connects to our remote sites via IPsec / Netgear routers.
Our current set-up is as follows.
It works (kind of), but I think I have a better way of doing this and would like to avoid 2 routers on the 192.168.53.0 subnet.

Current setup
__________________________________________________________________________________
Pfsense1                                   Pfsense2
Internet connection                        Internet connection
                                           Remote sites (via Netgear firewalls)
                                           ipsec 192.168.51.0 --------------------------> 192.168.51.1
                                           ipsec 192.168.52.0 --------------------------> 192.168.52.1
192.168.53.1          Switch               192.168.53.254
192.168.99.1                               spare slot
__________________________________________________________________________________

Possible New set up
__________________________________________________________________________________
Pfsense1                                   Pfsense2
Internet connection                        Internet connection
                                           Remote sites (via Netgear firewalls)
                                           ipsec 192.168.51.0 --------------------------> 192.168.51.1
                                           ipsec 192.168.52.0 --------------------------> 192.168.52.1
192.168.99.1
192.168.56.1  <-- Link the routers -->     192.168.56.2
192.168.53.1
     |
     |
   Switch
__________________________________________________________________________________
I know I can get traffic from 192.168.99.1 to 192.168.53.0 via static routes
The pfSense book (which I must add is fantastic!) says that I can route multiple subnets over IPsec (page 231): I can either use parallel IPsec tunnels or CIDR summarization.
The important thing is that all subnets can access the 192.168.53.0 domain that resides on the switch, and that all devices on the switch can access the external subnets. I don't at this point need routing between all subnets; it's just important that everyone can reach 192.168.53.0 and that 192.168.53.0 can reach everyone else.
If I use a 192.168.51.0/16 approach to things I get the following from
http://bonomo.info/coyote/cidr-calculator.php

Usable IPs = 192.168.0.1 to 192.168.255.254 for 65534
Broadcast = 192.168.255.255
Netmask = 255.255.0.0

My questions are
1. Would this work across the 2 routers? (For example, would 192.168.51.1 be able to ping something off the switch via 192.168.56.0 to 192.168.53.0?)
2. Currently the subnet masks on the Netgears and the pfSense box are /24. Would they all need to be changed to 255.255.0.0 (both Netgear and pfSense)?
3. I'm assuming I would need static routes on the pfSense1 box pointing back to the 192.168.51.0 and 192.168.52.0 networks?
4. I'm also assuming I'd need static routes on the pfSense2 machine pointing to the 192.168.53.0 network (via 192.168.56.0)?

Or have I got it completely wrong?
Many Thanks in advance
Steve
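A small check of the CIDR summarization idea in the post, added here as an example and not part of Steve's post or of pfSense: it finds the smallest single prefix that covers the five /24s named in the diagrams and reports what a /16 phase 2 selector would match beyond those subnets. It assumes the proposed 192.168.56.0/24 router link from the "Possible New set up" diagram and uses only Python's standard ipaddress module.

```python
"""CIDR summarization check for the subnets in the post (added example)."""
import ipaddress

# Constructed from the subnets named in the post; the /24 masks are the
# interface masks the routers use today.
SITE_SUBNETS = [
    "192.168.51.0/24",  # remote site behind a Netgear, IPsec to pfSense2
    "192.168.52.0/24",  # second remote site, IPsec to pfSense2
    "192.168.53.0/24",  # LAN on the switch that every site must reach
    "192.168.56.0/24",  # proposed pfSense1 <-> pfSense2 link (assumed, per the diagram)
    "192.168.99.0/24",  # pfSense1 inner interface
]


def smallest_summary(cidrs):
    """Return the smallest single prefix that contains every network in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)
    # Widen the prefix from the lowest network until the highest address fits.
    for prefix in range(32, -1, -1):
        candidate = ipaddress.ip_network((lowest, prefix), strict=False)
        if highest in candidate:
            return candidate
    raise ValueError("no common prefix")


def selector_report(summary_cidr, cidrs):
    """Describe what a phase 2 selector of summary_cidr would carry over the tunnel."""
    summary = ipaddress.ip_network(summary_cidr)
    nets = [ipaddress.ip_network(c) for c in cidrs]
    covers_all = all(n.subnet_of(summary) for n in nets)
    # Overlapping /24s would make routing ambiguous, so confirm they are disjoint.
    disjoint = not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    used = sum(n.num_addresses for n in nets)
    return {
        "covers_all": covers_all,
        "subnets_disjoint": disjoint,
        # Addresses the selector matches that no site uses: traffic to them is
        # still pushed into the tunnel, so a tighter summary limits that.
        "unused_addresses_in_selector": summary.num_addresses - used,
    }


if __name__ == "__main__":
    print("smallest summary:", smallest_summary(SITE_SUBNETS))
    print("/16 selector:", selector_report("192.168.0.0/16", SITE_SUBNETS))
```

For these five subnets the tightest summary is 192.168.0.0/17, while the /16 from the calculator also covers them but matches 64256 addresses no site uses.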
-
Anyone?