Cisco
BlackElwin, 2020-09-26 17:30:23

Pfsense behind Cisco ASA?

There is a strong desire to place PFSense in a working network built on a Cisco ASA 5505. VLANs are set up on the ASA, traffic flows according to the ACLs, everything is OK. There are two main VLANs: server and user. I bring up PFSense and configure the network cards and the Cisco: WAN is in the server VLAN, LAN is in the user VLAN, both cards get IP addresses via DHCP, WAN gets an IP in the server subnet, LAN gets one in the user subnet, everything is OK. On the users' computers I change the gateway from the default one to the IP address of the PFSense LAN. Now all user traffic goes through PFSense and the proxy, I filter what, where, why and from whom, and everything is OK. BUT! There is no access from VLANs set up on the Cisco ASA to users behind PFSense. Tell me, what can be done here? In fact, users are behind the PFSense NAT; disabling NAT in the Outbound rules and disabling port forwarding do not work.
P.S. Pings go from all sides in all directions, everyone sees each other. I need access to users behind PFSense via RDP, SMB and a number of other protocols. Users behind PFSense freely reach any addresses (allowed by the rules) on any ports.
P.P.S. I know about double NAT, but that's not the point here. In fact, users and services from other VLANs need access to users sitting behind PFSense.


1 answer(s)
BlackElwin, 2020-09-28

I solved the issue by disabling the WAN interface and the local route schedule in PFSense itself. All user traffic goes through the LAN interface to the LAN gateway. Traffic to local networks goes past the proxy; everything else goes through the proxy.
