1 WAN route back to 2 redundant LAN
-
Hi all,
I'm looking for a way to make this work.
I have 1 WAN interface and 2 LAN interfaces that are connected to my office network via 2 Cisco routers with HSRP and no NAT.
My office default gateway is passing via LAN1 and all is working well.
I've also configured a gateway group for redundancy in case LAN1 goes down. Tested, and it works fine.
Now I'm looking to optimize the traffic between the 2 LANs. I would like the servers or other network devices that I decide on to pass through LAN2.
Configuring the route for that is easy, all I needed was to change the default gateway for the server. But when I ran the test I noticed that the traffic is coming back from LAN1 instead of LAN2 as I would expect.
Any ideas why it comes back via LAN1 and not LAN2? Please see a new drawing in a post below.
-
Don't use gateway groups for that purpose. Add a HSRP IP on the WAN-side of the routers, and point your static route to that.
-
I'm still stuck on this issue.
Here is a better scheme to explain my network.
I'm looking for a way to route back the traffic coming out from the LAN according to the interface it came from and to bypass the static route table.
I can control the way traffic comes out of the LAN Cisco.
I have this setup working with Cisco routers replacing the pfSense. In that setup it's just a matter of creating a route-map policy with an ACL and applying it to the corresponding interfaces.
I'm sure there is a way to do the same with pfSense, I just don't know how yet. In detail:
I can make traffic originated from WAN to go to the LAN interface that I desire by creating rules with Gateway-Group, and it works fine.
I monitor each Gateway by the IP address on the Cisco interface. So, if the line drops the traffic will be routed to the other line.
But if the traffic originated from the LAN it will be routed as I choose on the Cisco. I apply that by using IP SLA and Tracks. Then I configure an IP ROUTE based on the Track so if the Track fails the traffic will be routed to the other line. But then I have a problem with the route back from the Edge pfSense (pfSense 1) since I have a static route for the LAN network via a specific line and not the Gateway-Group. I don't think that it can be solved by adding a rule on the WAN interface since this is "coming back" traffic and thus it will use the state table to allow it to pass.
-
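The post above describes the two decisions the edge firewall can make for a returning packet: look the destination up in the static routing table (which always picks the LAN1 route, so the reply comes back asymmetrically), or send the reply out the interface and gateway that the session originally entered on, which is what pf's `reply-to` keyword does. The following toy model, added here as an illustration and not taken from the thread or from pfSense code, shows both behaviours side by side. All addresses, interface names and the route table are constructed assumptions.

```python
"""Toy model of the return-path problem: static-route lookup versus
replying out the interface the session entered on.
All addresses are constructed for this example; this is not pf/pfSense code."""
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption): the office network sits behind two
# Cisco routers; LAN1 and LAN2 are the two pfSense interfaces facing them.
OFFICE_NET = ipaddress.ip_network("10.10.0.0/16")
ROUTES = [
    # (destination prefix, next-hop gateway, egress interface)
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "WAN"),
    (OFFICE_NET, "198.51.100.1", "LAN1"),   # static route for the office via LAN1
]
# Gateway facing each LAN interface (constructed), recorded when a session starts.
INTERFACE_GATEWAYS = {"LAN1": "198.51.100.1", "LAN2": "198.51.100.5"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match over the static routing table -> (interface, gateway)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1]


class StateTable:
    """Minimal stateful firewall: remembers the interface and gateway a session
    entered on so a reply can be sent back the same way (reply-to behaviour)."""

    def __init__(self):
        self._states = {}

    @staticmethod
    def _key(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def create(self, pkt, ingress_iface):
        self._states[self._key(pkt)] = (ingress_iface, INTERFACE_GATEWAYS[ingress_iface])

    def match_reply(self, pkt):
        # A reply has src/dst swapped relative to the packet that created the state.
        return self._states.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))


def route_reply(reply, states, reply_to):
    """Decide where a returning packet leaves the firewall.
    reply_to=False: plain routing-table lookup (the behaviour the post observed).
    reply_to=True:  use the ingress interface/gateway recorded in the state."""
    st = states.match_reply(reply)
    if st is None:
        raise PermissionError("no matching state: unsolicited inbound packet dropped")
    if reply_to:
        return st
    return route_lookup(reply.dst)


def demo():
    """Server whose default gateway is the LAN2 Cisco talks to a WAN host."""
    states = StateTable()
    outbound = Packet(src="10.10.1.20", dst="203.0.113.50", sport=40000, dport=443)
    states.create(outbound, ingress_iface="LAN2")
    reply = Packet(src="203.0.113.50", dst="10.10.1.20", sport=443, dport=40000)
    return route_reply(reply, states, reply_to=False), route_reply(reply, states, reply_to=True)


if __name__ == "__main__":
    via_table, via_state = demo()
    print("routing-table lookup sends the reply out", via_table)
    print("reply-to state sends the reply out      ", via_state)
```

Running it shows the reply leaving via `LAN1` under a plain table lookup and via `LAN2` when the state's ingress interface is honoured; the second branch is the behaviour the post is asking for, and the first is why the static route for the office network overrides the path the server chose.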
We have a similar issue. In our case 1 LAN and 2 redundant WANs (failover WANs).
For traffic originated from the LAN we use firewall rules on the LAN interface using a gateway group (gateway WAN1 and gateway WAN2), this works fine!!
But for traffic originated from the WANs we don't know a way to route back the traffic to the failover WANs. We can create a static route to use one of the WAN gateways, but if this gateway fails the connections will be lost.
-
mablux: please don't hijack other people's threads, you already have your own and this is completely unrelated to what you're doing.
-
Hi all,
I'm still struggling on that issue. I've looked for all sorts of possible solutions and came out with *almost nothing.* There was something related to BGP, but that would have a major impact on our current BGP configuration.