Dual WAN with IP migration



  • Hi all

    currently I have this setup (quite usual):

    –- LAN
    ADSL --- Cisco1721 --- pfsense 
                                                --- DMZ

    The router has its own static public IP on WAN.
    I have an entire subnet of 16 static public IP addresses assigned from my ISP, divided in this way:
    1 IP is used for the LAN router interface
    1 for the WAN pfSense interface
    the others are assigned to servers on the DMZ.
    Each subnet is connected to a different NIC (4 NICs on pfSense, one is not used currently).
    The LAN interface is configured to NAT through the pfSense public IP (WAN)
    The DMZ interface is bridged (with filtering) with the WAN.

    Now we are migrating to a new ADSL connection, with a different set of static public IP Addresses.
    To reach a smooth migration, I would like to modify the setup in this way:

    ADSL --- Cisco857 (WAN1)  ---            --- LAN
                                                pfsense 
    ADSL --- Cisco1721 (WAN2) ---            --- DMZ

    The new connection will become the main WAN, while the old connection will be attached to an OPT 2 interface.
    My goal is to reconfigure all the servers with new static addresses so they can be reached from clients through WAN1, but also leave the old connection to let clients not yet updated to reach the servers with the old address through WAN2. This is mainly due to slow worldwide DNS reconfiguration.
    I have modified the setup for new addresses and router, than I have tried to add the old WAN to the setup.
    I connected WAN2 (the old connection) to the OPT2 interface, using an IP address from the pool of old 16 addresses, than created a 1:1 rules for OPT2 interface translating old addresses to new one.
    But this setup do not work...
    Is there a way to reach this behavior? Thank you very much

    Olaf



  • did you create rules on the opt2 interface to allow traffic to the 1:1 NAT ip?

    Furthermore. I am concerned that this might trigger traffic going out the wrong gateway and upsetting a IP stack or 2.

    Create rules, turn on the log bit and see if they are hit.

    If not the 1:1 nat construction might be dodgy.



  • This setup does not work. As you said, the rules are not hit.
    I've also tried to set rules to the second gateway, but the result is faulty.
    Any suggestion?
    Thank you!




Log in to reply