Routing Issues to another router



  • Hello all

    I have a route setup to network 10.32.122.0/24 and 10.32.126.0/24. There is a router connected to our network with the IP of 10.33.217.1. I have a route setup and gateway. The issue is that when they connect to the software the goes to that router 10.33.217.1 which is access the network 10.32.122.0/16

    Here are the screen shots

    The software connects then disconnects after a request has been made.

    I can ping both ips for the software 10.32.122.40 and 10.32.126.40.

    This issue does not arise with the old Cisco router. It had a route as follows

    ip route 10.32.0.0 255.255.0.0 10.33.217.1

    and then a rule on the LAN interface

    access-list 100 permit ip any 10.32.0.0 0.0.255.255

    Any help would be greatly appreciated.






  • Example of issue

    User sends request for plate info via vendor program. The program does not send info back unless you close the application and reopen it; then it sends the info.



  • It looks like you've configured the routes properly, but please also share LAN config and Firewall rules.
    Is the pfSense LAN IP the same as what you had on the old Cisco router?

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.


  • LAYER 8 Netgate

    Why not duplicate what you had that was working - One route for 10.32.0.0/16 to 10.33.217.1 ??


  • LAYER 8 Netgate

    @awebster:

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.

    Why?  The downstream router should be routing between those subnets.


  • LAYER 8 Netgate

    Keep in mind that an "old cisco router" is not a stateful firewall and will happily pass asymmetric/triangle routed packets.



  • @Derelict:

    @awebster:

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.

    Why?  The downstream router should be routing between those subnets.

    In the event PCs on LAN segment are using pfSense as default GW, traffic might not need to be inspected going back out LAN interface to hit the router.

    @Derelict:

    Keep in mind that an "old cisco router" is not a stateful firewall and will happily pass asymmetric/triangle routed packets.

    Good point!
    Which is why I asked: Is the pfSense LAN IP the same as what you had on the old Cisco router?

    Bottom line, the original post is kinda thin on details, so we're just guessing at this point.



  • The new router LAN IP is 10.33.217.253; the old one is 10.33.217.2. I don't have access to the vendor's router. I called them to verify that they didn't have to change any config in their router.

    Attached are the LAN rules.

    @Derelict:

    Why not duplicate what you had that was working - One route for 10.32.0.0/16 to 10.33.217.1 ??

    I tried that as well: set route to 10.32.0.0/16 to use gateway 10.33.217.1




  • Changed it back to 10.32.0.0/16 and still have same issue.




  • @awebster:

    It looks like you've configured the routes properly, but please also share LAN config and Firewall rules.
    Is the pfSense LAN IP the same as what you had on the old Cisco router?

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.

    Should I check in System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.

    What does this actually do??



  • Check the routing on the LEADS router.

    If you change the IP of your router, LEADS router has no way of getting the traffic back to your Internal networks.
    Your internal network's machines should have pfSense as default gateway OR route for 10.32.0.0/16 to LAN IP of pfSense.
    LEADS router must have routes back to your Internal Network's IP range(s) or default route back to 10.33.217.2.

    
                            +--------+                    +---------+
                            |        |                    |         |
                            | LEADS  |                    | pfSense |    YOUR
         10.32.0.0/16 <=====| ROUTER |<===10.33.217/24===>|         |<== INTERNAL
                            |        |.1                .2|         |    NETWORKS
                            |        |                    |         |
                            +--------+                    +---------+
                            >>>>>>>>>>                    <<<<<<<<<<<
                  To reach Internal Networks        To reach LEADS networks 
                     send to 10.33.217.2            10.32.0.0/16 send to 10.33.217.1
    
    


  • I had them verify their settings and they said everything was ok. I will call them tomorrow again and maybe I will get to talk to somebody else. I know it has to be something on their end but what about the

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.



  • @jswope:

    Also check System -> Advanced -> Firewall/NAT tab
    Bypass firewall rules for traffic on the same interface should be checked.

    When checked, pfSense will not apply firewall rules to traffic entering and leaving on the same logical interface.
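
The contrast drawn in this thread between the old router's per-packet ACL and a stateful firewall that only sees the client's half of a triangle-routed TCP session, as an added example that is not part of the original posts. It is a simplified, strict model rather than pf's actual state engine, and the client address 10.33.217.50 is constructed for illustration.

```python
import ipaddress

# Constructed addresses: CLIENT is a hypothetical PC on the 10.33.217.0/24 LAN.
CLIENT, SERVER = "10.33.217.50", "10.32.122.40"
# Old router rule: access-list 100 permit ip any 10.32.0.0 0.0.255.255
ACL_NET = ipaddress.ip_network("10.32.0.0/16")

# One TCP session as (src, dst, flags, seen_by_firewall). Replies go from the
# downstream router straight to the client on the LAN, so they are never seen.
FLOW = [
    (CLIENT, SERVER, "SYN", True),
    (SERVER, CLIENT, "SYN-ACK", False),
    (CLIENT, SERVER, "ACK", True),
    (CLIENT, SERVER, "PSH-ACK", True),
    (SERVER, CLIENT, "PSH-ACK", False),
    (CLIENT, SERVER, "ACK", True),
]

def stateless_acl(packets):
    """Per-packet check, as on the old router: only the destination matters."""
    return [ipaddress.ip_address(dst) in ACL_NET
            for src, dst, flags, seen in packets if seen]

def stateful_filter(packets):
    """Strict handshake tracking: both directions must be seen to establish."""
    states, verdicts = {}, []
    for src, dst, flags, seen in packets:
        if not seen:
            continue                      # packet bypassed the firewall
        key = frozenset((src, dst))
        if flags == "SYN":
            states[key] = {"initiator": src, "phase": "syn_sent"}
            verdicts.append(True)
            continue
        st = states.get(key)
        if st is None:
            verdicts.append(False)        # no state for this flow
        elif flags == "SYN-ACK" and src != st["initiator"]:
            st["phase"] = "syn_ack_seen"
            verdicts.append(True)
        elif st["phase"] == "syn_sent":
            verdicts.append(False)        # ACK/data, but the reply was never seen
        else:
            st["phase"] = "established"
            verdicts.append(True)
    return verdicts

def symmetric(packets):
    """The same flow with every packet crossing the firewall."""
    return [(s, d, f, True) for s, d, f, _ in packets]
```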



  • I checked the box and it seems to be working now. I also verified with the vendor their settings and he added routes for the PCs that only use the software and so far so good.

