Pfsense+Cisco 2621XM



  • Hello everyone,

    My current setup is Internet-CableModem-Pfsense-Switch-Devices

    Pfsense gets the WAN's IP from DHCP. The LAN is 192.168.1.1 255.255.255.0

    What I would like to do is set up another network using a Cisco 2621. I would want to do

    Internet-CableModem-Pfsense-Switch<-PC's on 192.168.1.x 255.255.255.0
                                        Cisco 2621XM-Switch-PC's on another subnet. (I am open to any address and subnet)

    Does anyone know if this is possible? I have tried setting up the 2621 using DHCP on the side connected to 192.168.1.x (DHCP is on Windows Server 192.168.1.254) and it received an IP address fine. Then I set the other interface to 172.16.1.1 255.255.0.0

    The router is able to ping everything on 192.168.1.x and is able to ping internet websites. However, the devices in the 172.16.1.x network cannot ping past the 2621 (but can ping the router 172.16.1.1).

    If anyone can point me in the right direction, that would be extremely helpful. Thanks in advance!

    -Austin



  • pfSense needs:

    • a firewall rule allowing traffic from the 172.16.0.0/16 in on the LAN interface
    • a route added to 172.16.0.0/16 - that needs you to add a gateway 192.168.1.x (x is the address of the Cisco on the pfSense LAN net) and add a route going to that gateway. Then it knows how to return packets.
    • add manual NAT rules to pfSense WAN to NAT 172.16.0.0/16 as it goes out to the internet (192.168.1.0/24 gets NAT done automatically in the default setup)

    Others please comment if I have missed a step here, but I think that is enough to get a subnet behind the pfSense LAN to talk through it to the internet.
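
The three changes listed in the reply above, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model of the LAN pass rule, route lookup and outbound NAT, tracing one packet from the 172.16.0.0/16 side to show what each missing step breaks. The Cisco's LAN address 192.168.1.2, the host 172.16.1.50 and the destination 203.0.113.10 are constructed values.

```python
import ipaddress as ip

LAN_NET = ip.ip_network("192.168.1.0/24")
CISCO_NET = ip.ip_network("172.16.0.0/16")
CISCO_ON_LAN = "192.168.1.2"  # constructed: the thread only gives 192.168.1.x

def pfsense_config(steps=()):
    """Simplified pfSense state: defaults plus any of the steps 'rule', 'route', 'nat'."""
    cfg = {
        "lan_pass": [LAN_NET],                   # default LAN rule: pass from LAN net
        "routes": {LAN_NET: "LAN (connected)"},  # anything else: default route, WAN
        "nat": [LAN_NET],                        # automatic outbound NAT, as the reply states
    }
    if "rule" in steps:
        cfg["lan_pass"].append(CISCO_NET)
    if "route" in steps:
        cfg["routes"][CISCO_NET] = f"LAN via {CISCO_ON_LAN}"
    if "nat" in steps:
        cfg["nat"].append(CISCO_NET)
    return cfg

def route_lookup(cfg, addr):
    """Longest-prefix match; unmatched destinations follow the default route."""
    hits = [n for n in cfg["routes"] if addr in n]
    if not hits:
        return "WAN (default route)"
    return cfg["routes"][max(hits, key=lambda n: n.prefixlen)]

def trace(cfg, src, dst):
    """Return what stops src -> dst -> src; an empty list means it works."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    problems = []
    if not any(src in n for n in cfg["lan_pass"]):
        problems.append("firewall: no LAN rule passes this source")
    if route_lookup(cfg, src).startswith("WAN"):
        problems.append("route: reply to source would leave via WAN")
    if route_lookup(cfg, dst).startswith("WAN") and not any(src in n for n in cfg["nat"]):
        problems.append("nat: source not translated on WAN")
    return problems

if __name__ == "__main__":
    for steps in [(), ("rule",), ("rule", "route"), ("rule", "route", "nat")]:
        print(steps, "->", trace(pfsense_config(steps), "172.16.1.50", "203.0.113.10"))
```
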


  • Thank you so much! I did exactly as you implied and now 172 can reach 192 and the internet. Thanks again! :D

