Netgate Discussion Forum
    VLAN Routing To pfSense - Need Help Please

    Routing and Multi WAN
    12 Posts 3 Posters 1.4k Views

    • Miscue

      Hey All,

      I'm pretty sure this is an interface routing issue that I'm having with my Cisco SG 300, however I want to run it by a more seasoned crowd. The issue I'm having is that I can't get any of my VLAN traffic out of my Cisco SG 300 to pfSense and then to the internet. I can however sit on a port that has VLAN1 associated with it and set my IP address to 172.16.15.166 (pfSense is 172.16.15.1) and all connectivity works just fine. So again, I think it's a VLAN issue of sorts.

      I would like to do all of my inter-VLAN routing within the Cisco SG 300 (which currently works). I would like all other traffic to go out to pfSense for routing. I know VLAN1 is a no-no, I'm just using it for testing and will change it in the future.

      Any help would be greatly appreciated. I've attached a few screenshots of my current setup.

      Cheers,
      Miscue

      ![Screen Shot 2015-07-26 at 4.44.38 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-26 at 4.44.38 PM.png)
      ![Screen Shot 2015-07-26 at 4.44.48 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-26 at 4.44.48 PM.png)
      ![Screen Shot 2015-07-26 at 4.45.01 PM.png](/public/imported_attachments/1/Screen Shot 2015-07-26 at 4.45.01 PM.png)

      • Miscue

        Added a couple of screenshots of my setup in pfSense as well. Pretty much a stock setup from the install.

        pfSense_carvalho_local_-_Status__Dashboard.png
        pfSense_carvalho_local_-_System__Gateways.png

        • Miscue

          One more update. Added a gateway and a route so that I could get to my VLANs. Still can't get out to the internet from them.

          Cheers,
          Miscue.

          pfSense_carvalho_local_-_System__Static_Routes.png
          pfSense_carvalho_local_-_System__Gateways.png

          • Derelict (LAYER 8, Netgate)

            Put a host on 172.16.20.0/24 on GE9 (Or any other access port on VLAN 20.)

            Can it ping 172.16.20.1?

            Can it ping 172.16.15.2?

            Can it ping 172.16.15.1?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • Miscue

              @Derelict:

              Put a host on 172.16.20.0/24 on GE9 (Or any other access port on VLAN 20.)

              Can it ping 172.16.20.1? Yes

              Can it ping 172.16.15.2? Yes

              Can it ping 172.16.15.1? No

              Hi Derelict. Thanks for helping out. My answers are above. It's odd that I can get to 172.16.15.2 (Cisco SG300) but not 172.16.15.1 (pfSense). I also confirmed it's not just blocking ICMP, as I cannot get to the pfSense webGUI on 172.16.15.1.

              I can also ping all the other hosts on 172.16.20.x and other VLANs on the SG 300 (172.16.30.x).

              Cheers,
              Miscue

              • Miscue

                After answering the above question, should my Interface LAN IP addressing be set to the following to allow for the other subnets?

                172.16.15.1/16?

                Would changing the IP address allow for the routing of the other subnets (172.16.15.x, 172.16.20.x, 172.16.30.x)?

                Screen shot attached of what I currently have in place.

                ![Screen Shot 2015-07-27 at 7.49.26 AM.png](/public/imported_attachments/1/Screen Shot 2015-07-27 at 7.49.26 AM.png)

                • Miscue

                  After logging into my older router (Asus Wifi/Router), the LAN IP was set to 172.16.15.1 with a netmask of 255.255.255.0, so I don't think that's the issue.

                  • Miscue

                    Another quick update: I can get to pfSense from my VLAN20 subnet (172.16.20.x). However, I still cannot get to the internet from those subnets.

                    Added an Any-to-Any firewall rule for testing purposes. Same results though.

                    Cheers,
                    Brad

                    ![Screen Shot 2015-07-27 at 8.37.50 AM.png](/public/imported_attachments/1/Screen Shot 2015-07-27 at 8.37.50 AM.png)

                    • doktornotor

                      @Miscue:

                      Added an Any-to-Any firewall rule for testing purposes.  Same results though.

                      That rule does not allow DNS (UDP), does not allow ping (ICMP)… Not sure how you are testing.

                      • Miscue

                        Yeah, good call. Saw that. It was the issue. Added all protocols and it fixed the issue.

                        Now I'm getting odd RDP random disconnects.

                        • Miscue
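As an added illustration (not code from the thread or from pfSense), the following Python models pfSense's top-down, first-match evaluation of LAN rules against the three rules discussed above: the stock "Default allow LAN to any" rule whose source is LAN net (172.16.15.0/24 on a default install, so a routed 172.16.20.x host never matches it), the Any-to-Any rule as first added with the protocol left at TCP (which doktornotor points out passes neither DNS over UDP nor ICMP), and the corrected rule with protocol set to any. The rule names, the 172.16.20.50 host and the 203.0.113.10 destination are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """A pass rule on the pfSense LAN interface (ports are not modelled)."""
    name: str
    proto: str  # "tcp", "udp", "icmp" or "any"
    src: str    # CIDR or "any"
    dst: str    # CIDR or "any"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str

def _addr_in(selector, addr):
    return selector == "any" or ip_address(addr) in ip_network(selector)

def rule_matches(rule, pkt):
    return (rule.proto in ("any", pkt.proto)
            and _addr_in(rule.src, pkt.src) and _addr_in(rule.dst, pkt.dst))

def first_match(rules, pkt):
    """Rules are evaluated top to bottom and the first match wins; no match
    means the packet falls to pfSense's implicit default deny (returns None)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.name
    return None

# Constructed traffic: a VLAN 20 host behind the SG300 (routed via 172.16.15.2
# to pfSense at 172.16.15.1) heading for an Internet host (203.0.113.10 is a
# documentation-range placeholder).
TRAFFIC = {
    "dns":   Packet("udp",  "172.16.20.50", "203.0.113.10"),
    "ping":  Packet("icmp", "172.16.20.50", "203.0.113.10"),
    "https": Packet("tcp",  "172.16.20.50", "203.0.113.10"),
}

# Stock LAN rule: source "LAN net" is 172.16.15.0/24, so routed VLAN subnets
# never match it. The two Any-to-Any rules differ only in protocol.
STOCK_LAN = Rule("Default allow LAN to any", "any", "172.16.15.0/24", "any")
TCP_ONLY = Rule("Any-to-Any (TCP)", "tcp", "any", "any")            # as first added
ALL_PROTO = Rule("Any-to-Any (any protocol)", "any", "any", "any")  # corrected

def evaluate(ruleset):
    """Map each constructed flow to the rule that passes it (None = dropped)."""
    return {name: first_match(ruleset, pkt) for name, pkt in TRAFFIC.items()}
```

With only the stock rule every VLAN 20 flow is dropped; adding the TCP-only rule passes HTTPS but still drops DNS and ping, which is why a browser test fails while the rule looks like "any to any".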

                          Fixed the above with the attached screenshot.

                          ![Screen Shot 2015-07-27 at 9.30.58 AM.png](/public/imported_attachments/1/Screen Shot 2015-07-27 at 9.30.58 AM.png)

                          • Miscue

                            Thanks for everyone's help. Much appreciated.
