LAN1 <-> pfSense <-> Cisco <-> LAN2

LivingSouL

Why couldn't I ping both sides? I've already put static route from the Cisco router to the pfSense and vise versa.. But still doesn't ping each other. Any Ideas?

stephenw10

Probably because you don't have the correct firewall rules in place.

What are you trying to ping from what? Which interfaces are you using on pfSense? Which version of pfSense are you running?

Steve

LivingSouL

Here's what I'm trying to achieve: There are 2 WANs on this setup

PLDT Modem <-> pfSense <-> Switch1 <-> LAN1

and

BayanTel Modem <-> Cisco Router 2621 <-> Switch2 <-> LAN2

Switch1 and Switch2 is connected with a crossover cable.

pfSense 1.2.3:
em0: WAN (PPPoE)
em1: LAN (192.168.1.0/24)

Cisco 2621:
f0/0: WAN (Static IP)
f0/1: LAN (192.168.2.0/24)

This is an internet shop setup. My goal is LAN1 can ping LAN2 and vise versa so that there's only 1 billing server that can control both LANs with one billing server.

I've already added a static route to LAN2 on Cisco: "ip route 192.168.1.0 255.255.255.0 f0/1"
And I've added a rule on pfSense back to Cisco so that they can ping each other: Source LAN subnet, Dest. Network 192.168.2.0/24.

Am I missing something?

stephenw10

You will need a route to your cisco router on pfSense and you'll probably need a firewall rule to allow traffic with source LAN2.

However this is the wrong way to go about this. Why are you using two routers?
A better solution would be to have all four interfaces, LAN1+2 and WAN1+2 on the pfSense box (or the Cisco router if it can do that).

Steve

LivingSouL

Yep, I've added the rule from pfSense to the Cisco router too. The server I installed pfSense on is IBM server type unit, the flat one. I don't know if it can be added with a typical LAN card.

dreamslacker

It doesn't work because both routers need an interface on both LAN segments.

i.e.  pfSense box must have an interface (VLAN interface works too) each for LAN1 and LAN2, Cisco must have 2 interfaces each holding an IP in the 2 LANs.

e.g.

IP of the interfaces in brackets.

pfSense 1.2.3:
em0: WAN (PPPoE)
em1: LAN (192.168.1.1)
em2: LAN2 (192.168.2.2)

Cisco 2621:
f0/0: WAN (Static IP)
f0/1: LAN (192.168.2.1)
f0/2: LAN2 (192.168.1.2)

You then add a static route on the pfSense to route all traffic destined for 192.168.2.0/24 to 192.168.2.1 (Cisco unit).
And static route on the Cisco to route all traffic destined for 192.168.1.0/24 to 192.168.1.1 (pfSense box).

stephenw10

What about using some form of virtual IP on the lan interface to provide a route to the other  subnet?

Steve

dreamslacker

If pfSense supports that (different subnet virtual IP on the interface), it should work.
The key idea is that the 2 routers must have a connection on both subnets that they need to route to.  Or failing which, at least a means to connect to each other (via a 3rd connection or an intermediary router).

LivingSouL

We've achieved this goal using 2 Cisco routers:

PLDT             BayanTel
   |                     |
CiscoR1           CiscoR2
   |                     |
SW1- - - - - - - SW2
   |                     |
 LAN1               LAN2

LAN1:
192.168.1.0/24

LAN2:
192.168.2.0/24

They now can ping each other and play LAN games, with one billing server. Now where can I put the pfSense in that setup?