GRT leaking through Pfsense

KestutisGrigas2465 · ‎02-23-2022

Hello, could you please explain what needs to be done to make this situation work properly. The company has implemented network segmentation using VRF. All traffic from VRF goes through PFsense. I want to make a GRT leak to VRF. I did a VRF receive command. It works well I can access internal IP addresses from an external vlan, but when I want to access a web that has mapped external IP 1: 1 on the Pfsense - I can’t access it. When I run the tracert command, it does not know where that external IP address is located. Could you help me, please?

Flavio Miranda · ‎02-23-2022

Hi

What device is connected to Pfsense?

One more question. If all VRF terminates on the firewall, it means that the routing should be done on the firewall. If you leak VRF you are bypassing the firewall. Is that Ok?

KestutisGrigas2465 · ‎02-23-2022

There is Cisco modular switch connected to two different PFsenses. The network topology looks similar to this one:

All vlans Global and private are on Cisco C6807-XL.

Flavio Miranda · ‎02-23-2022

Your attachment did not work. Attach as a file please. It is important to see the topology

KestutisGrigas2465 · ‎02-23-2022

Sorry.