Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
519
Views
0
Helpful
2
Replies

Cisco 2811 thinks LAN IP has interface MAC address

Adrian Bolzan
Level 1
Level 1

‎05-27-2015 03:43 PM - edited ‎03-08-2019 12:13 AM

Hello,

 

device = cisco 2811, as firewall to interner.

 

We recently set up a pfSense firewall behind our cisco router. We had some trouble routing traffic from behind the pfsense through the cisco router out to the internet.

 

Internet -- cisco 2811 -- pfsense --internal pfsense private IP

 

Public IP of cisco, FastEthernet0/1 = 203.40.240.2

private IP of cisco, FastEthernet0/0 = 192.168.1.1/255.255.254.0

 

External interface of pfSense firewall = 192.168.1.20/255.255.254.0

Private IP of pfSense LAN = 172.16.1.1/255.255.240.0

Private LAN behind 172.16.0.0/255.255.240.0

 

During our work 

- we tried to make a static route to the LAN behind the pfSsense

- also we  set up a NAT rule from a Public IP address on FastEthernet0/1 (connected to the internet) to the LAN IP address assigned to the pfSense interface.   We then deleted that NAT rule.

 

The only entries in the cisco config that point the the LAN IP address are for Port forwarding from thr cico public interface to the LAN IP address.

 

During the process, the arp table on the cisco router shows the IP address of the pfsense interface as having a MAC address of the FastEthernet0/0 interface on the ciaco router, using show arp

 

Internet  192.168.1.1          -     001d.a2d0.30b8  ARPA   FastEthernet0/0

where 001d.a2d0.30b8 = MAC address of the cisco FastETernet0/0 interface.

 

Thus, we can no longer assign the IP address to the pfsense firewall.

 

Also, we clearing  the arp cache does not remove this entry.

 

 

Any help in removing the arp entry would be appreciated.

 

Adrian

 

Labels:
0 Helpful
2 Replies 2

johnd2310
Level 8
Level 8

‎05-27-2015 08:09 PM

 

 

Hi,

You should have roughly the following config:

pfSense:

Add default route pointing to 192.168.1.1

 

Cisco 2811:

access-list 10 permit 172.16.0.0 0.0.15.255

Interface FastEthernet0/0

ip nat inside

 

Interface FastEthernet0/1

ip nat outside

 

ip nat inside source list 10 interface fastethernet 0/1 overload

 

ip route 172.16.0.0 255.255.240.0 192.168.1.20

ip route 0.0.0.0 0.0.0 203.40.240.X where X is ISP router

 

 

**Please rate posts you find helpful**
0 Helpful

Adrian Bolzan
Level 1
Level 1
In response to johnd2310

‎05-28-2015 06:04 PM

Thanks, johnd2310

still no luck. 

 

we have decided to pursue another method of routing the pfsense traffic.

 

also, with respect to the problem with the interface thinking it has the IP address of the pfsense interface- still a problem.

 

i am going to reboot the cisco on the weekend, which should resolve it.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card