Netgate Discussion Forum

    Cisco IAD2400 and pfsense wan configuration

    Category: NAT
    2 Posts, 1 Poster, 1.6k Views
    Ulich05 (original post):

      I've got a Cisco IAD2400 T1 that provides internet access to the LAN. Currently there is a Fortigate FG100A firewall/NAT box with a static WAN address (IP address assigned by our ISP) and DNS set appropriately.

      I'm trying to swap out the Fortigate box with pfSense; however, when I set the pf box WAN to the same IP, subnet and DNS settings I can't ping any remote machines, resolve DNS, or access the net from the pf box directly. I'm not familiar with Cisco anything; however, the settings in the Fortigate router looked very straightforward. I also tried using the same MAC address on the pf WAN as the Fortigate box, to no avail.

      A tcpdump on the pf WAN interface shows remote traffic reaching the NIC but zero outgoing traffic of any kind from the pf box to anywhere. The pf box is using Intel Pro GTs for both LAN and WAN (the onboard motherboard Intel NIC wouldn't establish a link to the Cisco box, interestingly).

      Are there any special considerations that I need to take into account when trying to make this swap? I'm using a straight-through Cat5e cable from the pf box to the Cisco. The same is apparently used from the Cisco box to the Fortigate box; I'm not sure if a crossover cable is needed. Furthermore, there isn't a gateway IP set up anywhere on the Fortigate box.

      If I just plug the pf box into the LAN and set the WAN to get an IP via DHCP, it'll get it and route traffic properly, so the box works.

      The above should be a straightforward config for pfSense, IMO.

      One thing I noticed is that the netmask on the pf box WAN was set to /24 vs /29, but I'm not sure if that's enough to prevent a connection. Any advice is greatly appreciated!

      Ulich05 (reply):

        Got it figured out: the route does need to be set, which is the IP of the Cisco box itself, even though there are 6 public IPs. So the gateway of a public IP gets routed to another public IP on the same subnet to get sent back to the telco and out to the internet.

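The resolution above boils down to two facts about a static WAN on a /29: the ISP block has exactly 6 usable addresses, and pfSense needs a default gateway that is one of them (the Cisco's own address), so the poster's missing gateway and the stray /24 mask are both worth checking before touching cables. The following is an added example, not code from the thread or from pfSense; it uses Python's standard `ipaddress` module to sanity-check such a configuration. The addresses (a constructed 203.0.113.8/29 block from the RFC 5737 documentation range, with the router at .9 and the firewall at .10) and the function names `check_wan` and `usable_hosts` are my assumptions for illustration, not the poster's real ISP assignment.

```python
"""Sanity-check a static WAN configuration on a small ISP block.

Added example for the thread above; all addresses are constructed from the
RFC 5737 documentation range, not the poster's real ISP assignment.
"""
import ipaddress
from typing import List, Optional


def usable_hosts(ip: str, prefixlen: int) -> List[str]:
    """Return the usable host addresses of the block the WAN IP belongs to.

    For a /29 this is 6 addresses: network and broadcast are excluded.
    """
    net = ipaddress.ip_interface(f"{ip}/{prefixlen}").network
    return [str(h) for h in net.hosts()]


def check_wan(ip: str, prefixlen: int, gateway: Optional[str],
              isp_prefixlen: int = 29) -> List[str]:
    """Return a list of problems with a static WAN (empty list == looks sane).

    Checks the two issues from the thread:
      * no default gateway at all (pfSense then has no route for anything
        outside the directly connected network, so nothing leaves the box);
      * a gateway that is not a usable address inside the WAN subnet;
      * a netmask that disagrees with what the ISP assigned (/24 vs /29).
    """
    problems: List[str] = []
    iface = ipaddress.ip_interface(f"{ip}/{prefixlen}")
    net = iface.network

    if gateway is None:
        problems.append(
            "no gateway set: pfSense has no default route, only the "
            f"directly connected {net}")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"gateway {gw} is outside the WAN subnet {net}")
        elif gw == iface.ip:
            problems.append(f"gateway {gw} is the WAN address itself")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(
                f"gateway {gw} is the network or broadcast address of {net}")

    if prefixlen != isp_prefixlen:
        problems.append(
            f"netmask /{prefixlen} does not match the ISP's /{isp_prefixlen}; "
            "hosts that are really off-link would be ARPed for locally")

    return problems


if __name__ == "__main__":
    # Constructed ISP block: 203.0.113.8/29, router (Cisco) at .9, firewall at .10.
    print("usable addresses:", usable_hosts("203.0.113.10", 29))

    # The configuration as first tried in the thread: /24 mask, no gateway.
    for p in check_wan("203.0.113.10", 24, None):
        print("problem:", p)

    # The configuration that worked: /29 and the router's own IP as gateway.
    print("fixed config problems:", check_wan("203.0.113.10", 29, "203.0.113.9"))
```

The check deliberately treats "no gateway" and "wrong mask" as separate findings: the missing gateway is what stops all outbound traffic, while the /24 mask only misroutes destinations that happen to fall inside the larger /24 but outside the real /29.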
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.