05-27-2015 05:21 PM - edited 03-05-2019 01:33 AM
Hello,
device = cisco 2811, as firewall to internet.
We recently set up a pfSense firewall behind our cisco router. We had some trouble routing traffic from behind the pfsense through the cisco router out to the internet.
Internet -- cisco 2811 -- pfsense --internal pfsense private IP
Public IP of cisco, FastEthernet0/1 = 203.40.240.2
private IP of cisco, FastEthernet0/0 = 192.168.1.1/255.255.254.0
External interface of pfSense firewall = 192.168.1.20/255.255.254.0
Private IP of pfSense LAN = 172.16.1.1/255.255.240.0
Private LAN behind 172.16.0.0/255.255.240.0
The pfSense firewall is performing NAT for outgoing data from its LAN (172.16.0.0/255.255.240.0).
The gateway for the pfsense firewall is the cisco FastEthernet0/0 interface.
We are unable to browse to the internet from the pfsense LAN.
HOWEVER, if we change the route so that the gateway for the pfsense firewall is a Vyatta router, which then sends traffic via a Billion modem/router and a simple (home-style) ADSL2 connection, we can browse happily. There is no particular routing set up on the Billion nor the vyatta router.
Just wondering if there are any particular considerations in a cisco world I need when we have a firewall behind another firewall.
My other option may be to treat the pfsense as a router and not a firewall but would like to work on the problem as it stands now.
Regards,
Adrian
05-28-2015 06:50 AM
Can you ping the local ethernet interface on your 2811 from behind the firewall?
Can you ping the WAN interface on your 2811 from behind the firewall?
05-28-2015 06:07 PM
Thanks, William Benson.
we CAN ping the local ethernet interface on the 2811
we CAN ping the WAN interface on the 2811
we CANNOT ping the next hop after the 2811
we CAN successfully port forward from the internet to the pfsense private network, and get a response. It is only traffic initiated from the pfsense's private network to the internet that is failing.
we have got it working by doing other routing, bypassing the 2811 for traffic going out, and using another internet connection we have here.