Static Route?
-
So the below network works like a charm.
Internal Network –-> Router-on-a-Stick--(172.16.0.0/24)-->[Cisco(2900)Router]–>(192.168.2.0/24)[crapyRouter]–>[ISP-Modem]The problem that I am having, and I am sure it is something simple that I am missing, is that when I place the pfSense box in place of the simple crapyRouter, it does not work. I am guessing that it does not have a static route back. As I have this in the crapRouter. But for some reason I can not get it to work, or find the correct place to enter the route in pfSense, please help.
Network –-> Router-on-a-Stick--(172.16.0.0/24)-->[Cisco(2900)Router]–>192.168.2.0/30)[pfSense]–>[ISP-Modem]
I really just need to know how to properly set a static route in pfSense, from the WAN to the LAN.
Any info you need please let me know.
Again thanks,
Rye -
I really just need to know how to properly set a static route in pfSense, from the WAN to the LAN.
In the Web GUI: System -> Routing, click on the Routes tab; click on the "+" button on the right to add a static route.
-
Thank you Wall,
I do know where, what I seem to be having an issue with is the… well syntax for lack of a better word.
If I need pfSense to see a network behind another internal router, what would be the set up of the route?
-
I do know where, what I seem to be having an issue with is the… well syntax for lack of a better word.
1. Define a gateway for the route you are adding: Go to System -> Routes, Gateways tab. Click "+" to add a gateway. Fill in the details. The name should be something meaningful to you (Cisco? My-Lan? ….) The IP address will be the IP address of the Cisco on the subnet shared with pfSense: 192.168.2.x Click Save (to update configuration file) and (if asked) Apply (to update the running system).
2. Define the route: Go to System -> Routing, Routes tab. Click "+" to add a route. Fill in the Details of the destination network. I'll assume the router-on-a-stick is doing NAT so the Destination network will be 172.16.0.0. Select the network mask length. Select the gateway you previously added in step 1. Add description. Click Save and (if asked) Apply.
3. Done
If your router on a stick is not doing NAT then in step 2 you will need to give its "LAN" network address and mask rather than 172.16.0.0 and you will need to give the Cisco a static route to the "LAN" network of the router on a stick.
Edit: Correct formatting.
-
I have created a test network so that I could keep everyone online while I try and figure this little thing out.
Wall, you are right it is a NAT issue. I do not think that it is an issue to be double NAT'ed however, I would rather not. So here is the deal, if the internal 'Cisco' router has NAT, everything works fine. But no matter what I do with no NAT, it does not work. With no NAT'ing the pfSense box can ping the internal network, however, the internal network cannot ping the pfSense box (either interface). I have tried all sorts of static routes.
Any advice would be great.
Thanks again,
Rye. -
I have reread this thread and noticed a change in the network shared by Cisco and ISP facing router: 192.168.2.0/24 became 192.168.2.0/30 (unless you made a typo). Depending on the IP addresses assigned when you did the switchover you may have created an invalid configuration. For example, suppose the Cisco had 192.168.2.100 and the simple router 19.2.168.2.1. Perhaps you replaced the simple router by pfSense with the interface connected to the Cisco assigned 192.168.2.1/30 then you have an invalid configuration because the Cisco and pfSense are not on the same subnet.
Please post a diagram of the current configuration including IP addresses and netmasks of all relevant interfaces, the tests you have tried and what is reported by these tests.