Converting from Cisco FPR1010 to OPNSense.

Started by fbeye, January 11, 2023, 08:18:58 PM



At the least, I believe that your picture 6 should be set to Hybrid, as you do have NAT rules, and so whatever is selected is incorrect.

Morning!

Thank you for the help. When I get home I shall do that. I was thinking, should I remove the .182 Virtual IP, as it is the main IP pulled by PPPoE from my ISP?

January 27, 2023, 02:33:28 AM #19 Last Edit: January 27, 2023, 04:54:55 PM by fbeye
Evening.

Well, I did exactly as mentioned, changing OUTBOUND NAT to Hybrid, and I also removed the Virtual IP x.x.x.182 as it was the default grabbed Router WAN.
But, to no avail.
I did notice that when using the default 192.168.1.0 Subnet (i.e. 192.168.1.5) I could get on the Internet, all is well, but when I connect to my 192.168.5.0 Network, nothing.

P.S. - I wanted to mention, I did my 1:1 NAT as NAT, not BINAT (if that makes a difference), and then I made NO NAT at all for my .182 (OPNSense WAN) to my LAN, but as I said, on the default LAN I could get Internet, but not through to my SG500X, so I wonder if I need another NAT for that.

So basically on my existing server:
PPPoE w/ Block of 8 static IPs (6 usable)
LAN: 192.168.1.0
--I have an SG500X Cisco 48-port Switch that hosts a 192.168.5.0 Subnet which has a PBR back to the 192.168.1.0 Network via 192.168.1.2 on GE1/1 of the SG500X. So, 192.168.5.0 gets onto the Internet through the PBR to 192.168.1.2, which is on GE1/1 (as well) on the Cisco.

I am wondering if maybe my issue is a missing or incorrect configuration for data to go to/through the SG500X and back. As I mentioned, I created a static route '192.168.5.0/24 255.255.255.0 192.168.1.2' (not verbatim), and then in OPNSense I made a Gateway 192.168.1.2 and added it to the IP Route configuration.

I mean, I suppose (but would greatly hate) to reconfigure my complete network all using 192.168.1.0 Network as I know by heart my hosts etc, and I know it's not terrible, but then I will always wonder how to actually do it this way, the way I want.
I had it this way before because I had wanted ONE Subnet for everything to be on, but had 2 ISPs with 2 PBRs, 192.168.5.2-192.168.5.128 PBR1 and then 192.168.5.129-192.168.5.224 PBR2. Though I removed my 2nd ISP, I left my network as is.
I have no issues changing my concept etc for something better, I am absolutely open to learn.

Hello.

So I was thinking I jumped into some advanced (for me) configurations and wanted to go back to basics and build upon them as I go.

I set up my WAN to PPPoE and it grabbed the correct IP from my Block of static IPs, so I did that right.
I set up my LAN as default, 192.168.1.0 and when I plug my PC in I get Internet access, so I did that right.

What I want to do, and correct me if I am wrong, is allow Internet access to my SG500X L3 Switch. On the Switch, GE1/1 is set to 192.168.1.2 (an IP from OPNSense) and I have a Network of 192.168.5.0. 192.168.5.0 gets on the Internet with a PBR via 192.168.1.2, which talks to 192.168.1.1 (on OPNSense) and will use its WAN for Internet, x.x.x.182.

On Cisco, this is how I have it set and it works. I am assuming because 192.168.1.2 would be the same with Opn, I really do not need to change anything on the SG500X as the PBR is not changing... I also assume all I need on the OPNSense is a #1 Gateway such as 192.168.1.2 (5 Network is reached via 192.168.1.2) and #2 a Route to 192.168.5.0 using GW 192.168.1.2.
Naturally I am getting no Internet connection having it set up this way. So I am missing something, which is probably the same something as before. But instead of trying to figure out all my virtual IPs etc. I want to see, at the least, why 192.168.5.0 does not get Internet.

I want to do baby steps before I get all advanced.

Also, at this stage NO NAT or Firewall Rules or Outbound has been changed... I did change to hybrid outbound but to no avail.

NAT is one to many, so you should try binat.

Hello

I will give that a shot tonight, for the STATIC WAN to LANs.

Do I need to create a NAT for the 192.168.5.0? That would indeed be 1 to many, as that subnet would be using the WAN IP. By default clearly NAT goes to the 192.168.1.0 Subnet on the OPNSense because I could surf the web, but not through the 5.0 Subnet.

For every VLAN that needs to go to the Internet, then yes.
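The two requirements behind that answer can be checked mechanically. The following is an added example written for this thread (it is not code from any poster or from OPNsense itself): a small Python model of the firewall's decision for a packet from the 192.168.5.0/24 subnet behind the SG500X. Automatic outbound NAT only covers networks directly attached to the firewall's own interfaces; in Hybrid mode a manual rule for the routed subnet is added on top. Separately, the firewall needs a static route for 192.168.5.0/24 via 192.168.1.2 so that return traffic does not follow the default route out to the ISP. The WAN address 203.0.113.182 and the gateway name "pppoe-isp-gw" are placeholders standing in for the thread's x.x.x.182 and PPPoE gateway; the rule evaluation is a simplification, not pf's actual implementation.

```python
import ipaddress

# Placeholder for the thread's x.x.x.182 WAN address (203.0.113.0/24 is a documentation range).
WAN_IP = "203.0.113.182"

# RFC 1918 space: a packet leaving the WAN with one of these as its source never gets a reply.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def outbound_nat_rules(attached_lans, manual_subnets=()):
    """Build the outbound NAT rule list as (source network, translate-to address).

    Automatic rules cover only the LANs attached to the firewall's interfaces.
    Hybrid mode keeps those and appends manual rules; a subnet routed behind
    another device (the SG500X here) only gets translated if it is listed.
    """
    nets = list(attached_lans) + list(manual_subnets)
    return [(ipaddress.ip_network(n), WAN_IP) for n in nets]


def translate_source(src, rules):
    """Source address the packet carries on the WAN; first matching rule wins."""
    ip = ipaddress.ip_address(src)
    for net, nat_to in rules:
        if ip in net:
            return nat_to
    return str(ip)  # no rule matched: the private address leaves unchanged


def route_lookup(dst, routes):
    """Longest-prefix match over {network: gateway}; gateway None means on-link."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes.items():
        n = ipaddress.ip_network(net)
        if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw)
    return best


def reply_route(src, routes):
    """Route the firewall would use to send a reply back to `src`.

    Matching only the default route is reported as None: that would push the
    reply for a private host out to the ISP instead of towards the SG500X.
    """
    match = route_lookup(src, routes)
    if match is None or match[0].prefixlen == 0:
        return None
    return (str(match[0]), match[1])


def flow_works(src, rules, routes):
    """A flow succeeds only if the source is rewritten to a non-private address
    on the way out AND the firewall has a real path back to the original source."""
    wan_src = ipaddress.ip_address(translate_source(src, rules))
    natted = not any(wan_src in n for n in RFC1918)
    return natted and reply_route(src, routes) is not None


# Constructed routing tables: with and without the static route to the SG500X subnet.
ROUTES = {"0.0.0.0/0": "pppoe-isp-gw", "192.168.1.0/24": None, "192.168.5.0/24": "192.168.1.2"}
ROUTES_NO_STATIC = {"0.0.0.0/0": "pppoe-isp-gw", "192.168.1.0/24": None}

if __name__ == "__main__":
    auto_only = outbound_nat_rules(["192.168.1.0/24"])
    hybrid = outbound_nat_rules(["192.168.1.0/24"], ["192.168.5.0/24"])
    for label, rules, routes in (("automatic NAT, static route", auto_only, ROUTES),
                                 ("hybrid NAT, no static route", hybrid, ROUTES_NO_STATIC),
                                 ("hybrid NAT, static route", hybrid, ROUTES)):
        for host in ("192.168.1.5", "192.168.5.10"):
            print(f"{label:30} {host:13} -> WAN src {translate_source(host, rules):16} "
                  f"reply via {reply_route(host, routes)} works={flow_works(host, rules, routes)}")
```

Running it shows the pattern from the thread: a host on the default LAN works under every combination, while a 192.168.5.x host fails until both the manual outbound NAT rule and the static route are present.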

Yeah, I clearly am a no-go on this. For whatever reason I cannot get my INNER network to get on the net, and I did all we spoke of. This 192.168.5.0 is being generated/hosted on the SG500X and for some reason I can't get it to see the Internet.
I will give it a break for now.

Thank you.