02-12-2024 10:21 PM
Hi. I have a problem routing packets between a firewall and a Cisco router. Yes, I know that 100.100.10.0 is a global IP; I can't use it, and all IP addresses are just examples.
I have a PC, ESXi server, and a Cisco router, all connected to an unmanaged switch. DHCP, a VPN between my VPN server, and NAT are configured on the Cisco router. I have a global IP address 117.71.71.70 on my WAN interface and the IP address 100.100.10.1 on my LAN interface on the Cisco router. 117.71.71.71 is the IP address of the internet provider.
In the ESXi server, I have a pfSense firewall running in a virtual machine with an IP address of 100.100.10.13. Computers get their IP from the Cisco router. I want to route the traffic in such a way that when the PC tries to access a website, packets will go from the LAN interface to the Cisco router, then to the pfSense firewall. If the PC has access to that site, the packets will then go back to the Cisco router, and from the WAN interface, they will go to the internet.
What do I need to set up a route for this?
I tried this route but it didn't route to pfSense. It goes directly to the WAN.
ip route 0.0.0.0 0.0.0.0 117.71.71.71
ip route 100.100.10.0 255.255.255.0 100.100.10.13
02-13-2024 03:38 AM
Hello,
(Default) routing won't work because your PC and the pfSense are in the same subnet (directly connected to the Cisco router). Policy routing might work. Can you post the full running config of your Cisco router?
02-29-2024 12:04 AM
Thanks. A route map with a different subnet works well. If I have a VPN connection, I can't see my local hosts from the VPN server. I added the same route map with a permit for my local network to the WAN interface, and it helped too. Is this the right way for this solution?
02-13-2024 06:18 AM
The right option would be connecting ESXi directly to the router interface on a different subnet, via a software switch.
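The forwarding decisions discussed in this thread, as an added example that is not part of any post: a small Python model of destination-based route lookup versus policy routing on the ingress interface. The PC address 100.100.10.50, the website address 203.0.113.10, the pfSense transit address 192.0.2.2 and the interface names "lan" and "transit" are assumptions.

```python
import ipaddress as ip

# Constructed model of the router in the thread, not a real device config.
# Routes are (prefix, administrative distance, next hop or exit).
ROUTES = [
    ("100.100.10.0/24", 0, "connected LAN"),   # LAN interface 100.100.10.1
    ("100.100.10.0/24", 1, "100.100.10.13"),   # static route from the post
    ("0.0.0.0/0",       1, "117.71.71.71"),    # default route from the post
]

def rib_lookup(dst, routes=ROUTES):
    """Destination-only lookup: longest prefix wins, then lowest distance."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), ad, nh) for p, ad, nh in routes
            if addr in ip.ip_network(p)]
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[1]))
    return best[2]

# Policy routing is checked on the interface a packet arrives on, before the
# routing table, and can match on the source address.
POLICY = {
    "lan": [{"src": "100.100.10.0/24",       # traffic from LAN hosts ...
             "not_dst": "100.100.10.0/24",   # ... that leaves the LAN
             "next_hop": "192.0.2.2"}],      # assumed pfSense transit address
}

def forward(ingress, src, dst, policy=POLICY):
    """Return the next hop for a packet arriving on interface `ingress`."""
    for rule in policy.get(ingress, []):
        if (ip.ip_address(src) in ip.ip_network(rule["src"])
                and ip.ip_address(dst) not in ip.ip_network(rule["not_dst"])):
            return rule["next_hop"]
    return rib_lookup(dst)

if __name__ == "__main__":
    pc, site = "100.100.10.50", "203.0.113.10"   # constructed sample values
    print("static routes only :", forward("lan", pc, site, policy={}))
    print("policy on LAN      :", forward("lan", pc, site))
    # The packet pfSense hands back arrives on a different interface with no
    # policy, so the default route applies. On the same interface it would
    # match the policy again and be sent back to the firewall.
    print("back from pfSense  :", forward("transit", pc, site))
```
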