OPNsense Forum

English Forums => General Discussion => Topic started by: greymatter313 on March 19, 2019, 09:58:08 pm

Title: issues with setup, existing L3 switch with vlans
Post by: greymatter313 on March 19, 2019, 09:58:08 pm
Hello,

I just built an Apu4c4 OPNsense box and am trying to replace an old ASA 5505 that's seen better days.

The existing network is a C3750 stack running L3 with several VLANs. I have a WAN VLAN (10.1.5.0/30) that runs from the 3750 (10.1.5.2) to the ASA (10.1.5.1).

Existing VLANs are all 10.0.x.x/24.

I have set up the LAN port on the OPNsense box to match the old internal interface of the ASA and just set the WAN port on the OPN box to DHCP.

I have set up static routes back to the 3750 on the OPN box.

OPN is pulling an IP fine; however, I could not ping anything external. Internal devices ping fine.

I added a gateway for the LAN pointing at the WAN IP and can now ping both external and internal addresses fine from the OPN box. However, I still cannot access anything on the internet from any internal devices on any of the VLANs.

Any ideas on what I am doing wrong here?

Thanks!

Todd
Title: Re: issues with setup, existing L3 switch with vlans
Post by: hbc on March 19, 2019, 10:34:31 pm
Your WAN has a private RFC1918 address (10.1.5.0/30). Did you untick the checkbox that blocks RFC1918 addresses on WAN? Or is it just a transfer network because of the /30, and the traffic is only public IP?

Usually it is the first rule on interface WAN.
Title: Re: issues with setup, existing L3 switch with vlans
Post by: greymatter313 on March 19, 2019, 10:41:05 pm
Apologies, maybe I didn't articulate that correctly. The link from the 3750 switch to the OPNsense box is still an internal VLAN. I just called it a WAN VLAN. Bad choice of words there, my apologies.

So the LAN port on the OPNsense box is connected to the Cisco 3750. The WAN port is connected directly to my cable modem. The 3750 is running L3 and handling all of the routing for the VLANs. These were already set up and are operating as expected.
Title: Re: issues with setup, existing L3 switch with vlans
Post by: greymatter313 on March 20, 2019, 04:35:08 pm
Found my issue. I'll explain what I needed in case other folks out there have the same problem.

So I thought that I was safe with the auto rules since there was one for LAN networks; I had assumed this would include all traffic from internal. This was not the case. I noticed that I was able to get to the internet from a console on my 3750 (GW) but nothing else internal, and figured I would try setting up an outbound NAT rule for one VLAN. Boom, everything was happy! In hindsight I actually prefer it like this, as I do have a couple of VLANs I do not want any traffic seeping out from.

Hope this helps someone out there.

I do have to say I am VERY impressed with OPNsense so far and kind of kicking myself for not doing this sooner!

Already have replaced my old OpenVPN server with the OPNsense box with MFA, very slick setup!
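The failure described in this last post is worth seeing laid out: the outbound NAT rule covered only the subnet directly attached to the OPNsense LAN interface (the 10.1.5.0/30 transfer net, which is why the 3750's own console worked), while the 10.0.x.0/24 VLANs reached through static routes matched nothing and left WAN with a 10.x source address that the cable modem or ISP discards. The following Python model is an added example, not part of the original thread and not OPNsense's rule generator; it uses first-match rule evaluation as pf does, and the subnets, the 203.0.113.7 WAN address and the three VLAN names are all constructed assumptions. It also shows the caveat a practitioner would want on the poster's closing remark: a VLAN with no outbound NAT entry is not denied, its packets still reach the WAN wire with a private source, so a quarantined VLAN needs an explicit block rule as well.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Constructed topology, modelled on the thread; every address here is an assumption.
LAN_NET = ip_network("10.1.5.0/30")           # transfer net: OPNsense LAN .1, 3750 .2
STATIC_ROUTES = {                             # VLAN subnets behind the 3750 (next hop 10.1.5.2)
    "vlan10": ip_network("10.0.10.0/24"),
    "vlan20": ip_network("10.0.20.0/24"),
    "vlan30": ip_network("10.0.30.0/24"),     # VLAN that must never reach the internet
}
WAN_ADDR = ip_address("203.0.113.7")          # documentation-range stand-in for the DHCP WAN address
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNET = ip_address("1.1.1.1")              # any non-local destination will do


@dataclass(frozen=True)
class NatRule:
    source: IPv4Network
    translate: bool = True    # False models an explicit "no NAT" entry


def first_match(rules, src: IPv4Address):
    """pf evaluates outbound NAT first-match, so rule order matters."""
    return next((r for r in rules if src in r.source), None)


def is_internal(dst: IPv4Address) -> bool:
    return dst in LAN_NET or any(dst in n for n in STATIC_ROUTES.values())


def classify(rules, blocks, src: IPv4Address, dst: IPv4Address) -> str:
    """Fate of a packet from src to dst crossing this router.

    blocks: source subnets denied by a firewall rule on the WAN egress path.
    Returns one of: internal, blocked, translated, leaks-private-source.
    """
    if is_internal(dst):
        return "internal"                     # routed back toward the 3750, no NAT involved
    if any(src in n for n in blocks):
        return "blocked"
    rule = first_match(rules, src)
    egress = WAN_ADDR if (rule and rule.translate) else src
    if any(egress in n for n in RFC1918):
        return "leaks-private-source"         # leaves WAN with a 10.x source, dropped upstream
    return "translated"


def coverage_report(rules, blocks=()):
    """One sample host per internal subnet (the .2 of each net) reaching INTERNET."""
    nets = {"lan": LAN_NET, **STATIC_ROUTES}
    return {name: classify(rules, blocks, net.network_address + 2, INTERNET)
            for name, net in nets.items()}


# 1. What the poster started with: an automatic rule covering only "LAN net".
AUTO_RULES = [NatRule(LAN_NET)]

# 2. What fixed it: one manual rule per VLAN that may use the internet.
#    vlan30 is deliberately absent.
MANUAL_RULES = [
    NatRule(LAN_NET),
    NatRule(STATIC_ROUTES["vlan10"]),
    NatRule(STATIC_ROUTES["vlan20"]),
]

# 3. Hardened: a missing NAT entry is not a deny, so vlan30 gets an explicit block.
BLOCKED = [STATIC_ROUTES["vlan30"]]

if __name__ == "__main__":
    for label, rules, blocks in (("auto", AUTO_RULES, ()),
                                 ("manual", MANUAL_RULES, ()),
                                 ("manual+block", MANUAL_RULES, BLOCKED)):
        print(label, coverage_report(rules, blocks))
```

Running it prints the three rule sets side by side: under `auto` only the transfer net is translated and every VLAN leaks a private source, under `manual` vlan10 and vlan20 are translated but vlan30 still leaks rather than being stopped, and only `manual+block` reports vlan30 as blocked. On a real OPNsense box the equivalent check is to inspect the loaded translation and filter rules with `pfctl -s nat` and `pfctl -s rules` and confirm that each statically routed subnet appears in a translation rule or an explicit block.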