Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Using OPNsense as gateway to LANs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Using OPNsense as gateway to LANs (Read 995 times)
Elhanan
Newbie
Posts: 5
Karma: 0
Using OPNsense as gateway to LANs
«
on:
September 29, 2022, 03:55:44 pm »
Hello everyone
I am new to OPNsense and the community, I am glad to be here.
I am trying to use OPNsense as gateway to all my local VLANS. The following is the simplest way of expressing it with pic:
Currently what I have tried so far is, I connected G/0/1 interface of OPNsense server to the Cisco Coreswitch [as LAN], and Connected G/0/2 interface of OPNsense server to Cisco ASA 5525 [as WAN]. In this case Cisco ASA is the one connected to EPON and gateway to the internet.
Since am just testing for now, I used VLAN22 as example and set a LAN IP of OPNsense server as gateway to dhcppool for vlan 22 in Core Switch, so that end devices uses or pass through OPNsense server [my thoughts].
The problem is I couldn't see a right output from traffic analyzer on OPNsense when I tried to download some huge files, while I was downloading with 1MBs the analyzer shows still in KB. In my understanding the analyzer could only shows me the LAN traffic right?
The ultimate goal of mine is to direct traffics from core switch to OPNsense and from OPNsense to Cisco ASA. Do I need to do some routing on OPNSense to do that?
Thanks
Logged
HamiltonWDS
Newbie
Posts: 10
Karma: 2
Re: Using OPNsense as gateway to LANs
«
Reply #1 on:
September 30, 2022, 12:36:56 am »
If I understand correctly, you are using a dual firewall arrangement (OPNsense and Cisco ASA), which therefore likely to have Double NAT'ting going on. Assuming that both the OPNsense and ASA are set to NAT'ting.
If that is the case, you can either place the ASA or OPNsense to use Static Routing, depends which is easier.
In this arrangement, the ASA would be best to do so as it has just one internal link.
Unfortunately, I do not know how to do the Static Route for the ASA.
I have done static routes for a forward OPNsense firewall, but since this is at the backside, it should be the one handling the NAT'ting. Reason would be due to the amount of manual work needed for it and if different networks are involved.
For the ASA, the Static Route would need to designate then internal network (the link between the ASA and OPNsense; example 10.1.1.0/30 - ASA:10.1.1.1 OPN:10.1.1.2) and likely need a Gateway with it. Then if the ASA has something like OPNsense NAT Outbound, it would be to (in OPNsense terms) set to Manual and create a Rule in which the WAN interface is tied to Source Address of the Internal Network (10.1.1.0/30), the Destination Address would be blank.
Logged
Elhanan
Newbie
Posts: 5
Karma: 0
Re: Using OPNsense as gateway to LANs
«
Reply #2 on:
October 06, 2022, 07:14:51 pm »
@HamiltonWDS, Thank you so much for your point. Let me clarify the structure of my network and how am trying to implement filtering of traffic from LAN before they reach the Cisco Firewall.
As you can see in the picture, currently, I am just testing OPNsense by connecting the LAN side to Coreswitch (Cisco 3850 on different VLAN) and the other interface to the ASA Firewall as WAN. I didn't want to interrupt the current connection, therefore, I just connected WAN side of OPNsense to a different interface on Cisco ASA.
The routing between the core switch and ASA is been made with OSPF, after that on Cisco ASA both NAT and the static route have been done for that to access the internet. My current idea is to route traffic of some VLAN to OPNsense from the Coreswitch, and then forward traffic to Cisco ASA to access the internet. Therefore do I need to do some routing on OPNsense itself for the WAN and do another routing staff on the Core Switch to route traffic to OPNsense from different VLANs?
Thank you
«
Last Edit: October 06, 2022, 07:23:06 pm by Elhanan
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Using OPNsense as gateway to LANs