Monitor WAN and LAN on same interface



  • Here is a rough diagram of the setup. LAN1 is at a remote site and is linked with the ASA by P2P Wireless.

    LAN2-------ASA 5505----------WAN1
                              |
                              |
                              |
                              |
    LAN1----------pfSense----------WAN2

    Currently we are using pfSense for a Multiple-WAN setup, using a Gateway Group for Failover and this is working great. The reason for setting this up in the first place was to utilize WAN1 from LAN1 for faster Internet speed.

    The problem that I have is that last week we lost Internet at WAN1, so the Primary WAN Gateway went down. LAN1 still had Internet through WAN2 but lost communication with LAN2.

    I am wondering if there is a way to have a second Monitor IP for the LAN or if something else can be done so that communication stays up between the LANs even when Internet is down.



  • You don't need that. Probably just need to make sure you're not policy routing traffic between the LANs; guessing when you have a WAN failure it's forcing the traffic to the wrong place, possibly.



  • OK, thank you.

    However, we do want PBR on LAN1, and actually that was our main reason for going with pfSense, because we also have a VPN set up so that if P2P Wireless goes down, there is still communication between the LANs.

    The VPN connection turns on and off automatically depending on the status of the P2P Wireless connection.

    When we lost Internet at WAN1, pfSense marked the P2P Gateway as down and routed traffic out WAN2. So LAN1 was trying to communicate over VPN, but since P2P wireless was actually still up, the VPN was not turned on.

    So maybe on pfSense we need two separate policies, one for loss of Internet and one for loss of P2P wireless, but I don't know if this is possible.

