PFsense and Cisco 2821 ISR



  • I have a network with 7 sub networks. One of them is for VOIP; it had a Cisco 2821 ISR with a PRI card connected to the PSTN.

    My current setup is working but I can't get computers on the VOIP subnet to connect to the internet.  The computers on the VOIP subnet can connect to all the other subnets just fine.

    I have a PFsense firewall/router connecting all the subnets together.  I added a Gateway from System > Routing > Gateways
    interface: VOIP
    Name: CiscoVOIP
    Gateway: 10.1.10.254

    On the VOIP interface
    Description: VOIP
    Type: Static
    IP address: 10.1.10.253/24
    Gateway: CiscoVOIP - 10.1.10.254

    On the status page it lists the
    CiscoVOIP 10.1.10.254 0.893ms 0.0% Online

    The setup for the Cisco 2821 ISR is…

    interface GigabitEthernet0/1
    description PHONES
    bandwidth 1000000
    ip address 10.1.10.254 255.255.255.0
    ip pim sparse-dense-mode
    duplex auto
    speed auto
    h323-gateway voip bind srcaddr 10.1.10.254
    !
    interface Serial0/1/0:23
    no ip address
    encapsulation hdlc
    isdn switch-type primary-ni
    isdn incoming-voice voice
    isdn calling-number 5555555555
    isdn supp-service name calling
    no cdp enable
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 10.1.10.253
    ip http server
    ip http authentication local
    ip http secure-server
    ip http secure-client-auth
    ip http timeout-policy idle 600 life 86400 requests 10000
    !
    !
    ip pim bidir-enable
    ip pim register-source GigabitEthernet0/1

    When I do a trace route to google.com from the VOIP subnet it gets...
    1  10.1.10.254
    2  10.1.10.253
    3  *
    4  *
    ...
    then it gets stuck in what looks like a loop.  Any suggestions?



  • So if your PFSense box is routing all the traffic, why did you add the Cisco 2821 as a gateway on the PFSense box?

    Any chance you can share with us the routing table on your PFSense box? Diagnostics->Routes

    Have you double checked your firewall rules to ensure that it isn't being blocked by PFSense?



  • Destination 	Gateway 	Flags 	Refs 	Use 	Mtu 	Netif 	Expire
    default 	111.111.111.33 	UGS 	0 	620671411 	1500 	em0 	 
    10.0.0.0/24 	link#6 	U 	0 	110815359 	1500 	em5 	 
    10.0.0.254 	link#6 	UHS 	0 	0 	16384 	lo0 	 
    10.1.0.0/24 	link#5 	U 	0 	11290345 	1500 	em4 	 
    10.1.0.254 	link#5 	UHS 	0 	0 	16384 	lo0 	 
    10.1.10.0/24 	link#4 	U 	0 	5508385 	1500 	em3 	 
    10.1.10.253 	link#4 	UHS 	0 	0 	16384 	lo0 	 
    10.1.55.0/24 	10.1.55.2 	UGS 	0 	4 	1500 	ovpns1 	 
    10.1.55.1 	link#16 	UHS 	0 	0 	16384 	lo0 	 
    10.1.55.2 	link#16 	UH 	0 	0 	1500 	ovpns1 	 
    10.1.56.0/24 	10.1.56.2 	UGS 	0 	33113 	1500 	ovpns2 	 
    10.1.56.1 	link#17 	UHS 	0 	0 	16384 	lo0 	 
    10.1.56.2 	link#17 	UH 	0 	0 	1500 	ovpns2 	 
    10.1.57.0/24 	10.1.57.2 	UGS 	0 	150 	1500 	ovpns3 	 
    10.1.57.1 	link#18 	UHS 	0 	0 	16384 	lo0 	 
    10.1.57.2 	link#18 	UH 	0 	0 	1500 	ovpns3 	 
    10.1.251.0/24 	link#3 	U 	0 	333920315 	1500 	em2 	 
    10.1.251.5 	link#3 	UHS 	0 	0 	16384 	lo0 	 
    10.1.254.0/24 	link#2 	U 	0 	11941300 	1500 	em1 	 
    10.1.254.254 	link#2 	UHS 	0 	0 	16384 	lo0 	 
    10.200.1.0/24 	link#8 	U 	0 	162603 	1500 	em7 	 
    10.200.1.1 	link#8 	UHS 	0 	6 	16384 	lo0 	 
    111.111.111.32/28 	link#1 	U 	0 	805247 	1500 	em0 	 
    111.111.111.36 	link#1 	UHS 	0 	0 	16384 	lo0 	 
    111.111.111.37 	link#1 	UHS 	0 	0 	16384 	lo0 	 
    111.111.111.38 	link#1 	UHS 	0 	0 	16384 	lo0 	 
    111.111.111.41 	link#1 	UHS 	0 	0 	16384 	lo0 	 
    111.111.111.42 	link#1 	UHS 	0 	0 	16384 	lo0 	 
    127.0.0.1 	link#15 	UH 	0 	3338 	16384 	lo0 	 
    172.16.1.0/24 	link#7 	U 	0 	3609759 	1500 	em6 	 
    172.16.1.1 	link#7 	UHS 	0 	0 	16384 	lo0 	 
    222.222.222.77 	111.111.111.33 	UGHS 	0 	577484408 	1500 	em0 	
    

    I have changed the public IP addresses to 111.111.111.* and 222.222.222.*
    Two weeks ago I moved the routing of the Cisco 2821 ISR onto the PFsense, but I never deleted the gateway.  I was thinking that is what I needed to do, but I didn't want to break the phone system again only to find out that was not the answer. :)

    The firewall rules on the VOIP network block access to two of the subnets, and allow all other traffic.

    I should also add that all the phones and computers on the VOIP network have their gateway set to 10.1.10.254



  • OK I removed the gateway from the VOIP network, and it's routing just fine now, thanks.  ;D