Pfsense for Cisco ASA?

1 vote
There is a strong desire to put PFSense into a working network built on a Cisco ASA 5505. On the ASA there are VLANs, traffic flows according to the ACLs, everything is OK. There are two main VLANs: the server one and the user one. I bring up PFSense and set up the network cards and the Cisco: WAN - server, LAN - user. DHCP assigns IP addresses to both cards: the WAN IP is in the server subnet, the LAN IP is in the user subnet, everything is OK. On the user computers I change the gateway from the standard one to the PFSense LAN IP. Now all user traffic goes through PFSense and the proxy, I filter what, where, why and from whom, and everything is OK. But there is no access from the VLANs on the Cisco ASA to the users behind PFSense. Can you advise what to do? In effect the users are behind PFSense NAT; turning off NAT in the Outbound rules and turning off port forwarding does not give any results.

P.S. Pings go through from all sides in all directions, everyone sees each other. Access to the PFSense users is needed via RDP, SMB and several other protocols. The PFSense users are free to go to any addresses (allowed by the rules) on any ports.

P.P.S. I know about double NAT, but this is not about that. In fact, we need access for users and services from the other VLANs to the users sitting behind PFSense.

1 Answer

0 votes
Solved the problem by disabling the WAN interface and the schedule of local routes in PFSense itself. All user traffic goes through the LAN interface to the LAN gateway. Traffic to local networks goes past the proxy, everything else goes through the proxy.