Showing results for 
Search instead for 
Did you mean: 
Adrian Bolzan

Cisco 2811 thinks LAN IP has interface MAC address



device = cisco 2811, as firewall to interner.


We recently set up a pfSense firewall behind our cisco router. We had some trouble routing traffic from behind the pfsense through the cisco router out to the internet.


Internet -- cisco 2811 -- pfsense --internal pfsense private IP


Public IP of cisco, FastEthernet0/1 =

private IP of cisco, FastEthernet0/0 =


External interface of pfSense firewall =

Private IP of pfSense LAN =

Private LAN behind


During our work 

- we tried to make a static route to the LAN behind the pfSsense

- also we  set up a NAT rule from a Public IP address on FastEthernet0/1 (connected to the internet) to the LAN IP address assigned to the pfSense interface.   We then deleted that NAT rule.


The only entries in the cisco config that point the the LAN IP address are for Port forwarding from thr cico public interface to the LAN IP address.


During the process, the arp table on the cisco router shows the IP address of the pfsense interface as having a MAC address of the FastEthernet0/0 interface on the ciaco router, using show arp


Internet          -     001d.a2d0.30b8  ARPA   FastEthernet0/0

where 001d.a2d0.30b8 = MAC address of the cisco FastETernet0/0 interface.


Thus, we can no longer assign the IP address to the pfsense firewall.


Also, we clearing  the arp cache does not remove this entry.



Any help in removing the arp entry would be appreciated.








You should have roughly the following config:


Add default route pointing to


Cisco 2811:

access-list 10 permit

Interface FastEthernet0/0

ip nat inside


Interface FastEthernet0/1

ip nat outside


ip nat inside source list 10 interface fastethernet 0/1 overload


ip route

ip route 0.0.0 203.40.240.X where X is ISP router



**Please rate posts you find helpful**

Thanks, johnd2310

still no luck. 


we have decided to pursue another method of routing the pfsense traffic.


also, with respect to the problem with the interface thinking it has the IP address of the pfsense interface- still a problem.


i am going to reboot the cisco on the weekend, which should resolve it.