Cisco IAD2400 and pfsense wan configuration



  • I've got a Cisco IAD2400 T1 that provides internet access to the LAN. Currently there is a Fortigate FG100A firewall/NAT box with a static WAN address (IP address assigned by our ISP) and DNS set appropriately.

    I'm trying to swap out the Fortigate box w/ pfsense; however, when I set the pf box WAN to the same IP, subnet and DNS settings I can't ping any remote machines, resolve DNS, or access the net from the pf box directly. I'm not familiar with Cisco anything; however, the settings in the Fortigate router looked very straightforward. I also tried using the same MAC address on the pf WAN as the Fortigate box, to no avail.

    A tcpdump on the pf WAN interface shows remote traffic reaching the NIC but zero outgoing traffic of any kind from the pf box to anywhere. The pf box is using Intel Pro GTs for both LAN and WAN (the onboard mobo Intel NIC wouldn't establish a link to the Cisco box, interestingly).

    Are there any special considerations that I need to take into account when trying to make this swap? I'm using a straight-through Cat5e cable from the pf to the Cisco. The same is apparently used from the Cisco box to the Fortigate box; I'm not sure if a crossover cable is needed. Furthermore, there isn't a gateway IP set up anywhere on the Fortigate box.

    If I just plug the pf box into the LAN and set the WAN to get an IP via DHCP, it'll get it and route traffic properly, so the box works.

    The above should be a straightforward config for pf, IMO.

    One thing I noticed is that the netmask on the pf box WAN was set to /24 vs /29, but I'm not sure if that's enough to prevent a connection. Any advice is greatly appreciated!



  • Got it figured out. The route does need to be set, which is the IP of the Cisco box itself, even though there are 6 public IPs. So the gateway of a public IP gets routed to another public IP on the same subnet to get sent back to the telco and out to the internet.
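    The two mistakes this thread turned on (no upstream gateway on the WAN, and a /24 mask where the ISP handed out a /29) are easy to catch before cabling anything. The following added sanity check is not from the thread or from pfSense; the addresses are constructed from the 203.0.113.0/24 documentation range, since the real ones are not given, and the Cisco is assumed to be the first usable address of the /29.

```python
import ipaddress
from typing import List, Optional

def check_static_wan(wan_cidr: str, gateway: Optional[str],
                     isp_prefix: Optional[int] = None) -> List[str]:
    """Return the problems found in a static WAN configuration.

    wan_cidr:   WAN address with prefix, e.g. "203.0.113.10/29" (constructed)
    gateway:    upstream router address as typed into the WAN gateway field,
                or None when the field was left empty
    isp_prefix: prefix length the ISP assigned, if known (e.g. 29)
    """
    problems = []
    iface = ipaddress.ip_interface(wan_cidr)
    net = iface.network

    # A wrong mask makes the box ARP for hosts that are not on the link.
    if isp_prefix is not None and net.prefixlen != isp_prefix:
        problems.append(f"netmask /{net.prefixlen} does not match the "
                        f"ISP-assigned /{isp_prefix}")

    # Without a gateway there is no default route, so nothing ever leaves
    # the WAN NIC even though inbound frames are visible in tcpdump.
    if gateway is None:
        problems.append("no upstream gateway set on WAN (no default route)")
        return problems

    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gw} is outside the WAN subnet {net}")
    elif gw == iface.ip:
        problems.append("gateway is the WAN address itself")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address")
    return problems

def usable_hosts(cidr: str) -> int:
    """Number of host addresses in the block (6 for a /29)."""
    return len(list(ipaddress.ip_network(cidr, strict=False).hosts()))

if __name__ == "__main__":
    # Constructed /29: 203.0.113.8/29, hosts .9 to .14, Cisco assumed at .9
    for cfg in [("203.0.113.10/29", None, 29),
                ("203.0.113.10/24", "203.0.113.9", 29),
                ("203.0.113.10/29", "203.0.113.9", 29)]:
        print(cfg, check_static_wan(*cfg) or "OK")
```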

