Topic: issues with setup, existing L3 switch with vlans (Read 2939 times)
greymatter313 (Newbie, Posts: 5, Karma: 0)
« on: March 19, 2019, 09:58:08 pm »
Hello,
I just built an Apu4c4 OPNsense box and am trying to replace an old ASA 5505 that's seen better days.
The existing network is a C3750 stack running L3 with several VLANs. I have a WAN VLAN (10.1.5.0/30) that's running from the 3750 (10.1.5.2) to the ASA (10.1.5.1).
The existing VLANs are all 10.0.x.x/24.
I have set up the LAN port on the OPNsense box to match the old internal interface of the ASA and just set the WAN port on the OPN box to DHCP.
I have set up static routes back to the 3750 on the OPN box.
OPN is pulling an IP fine; however, I could not ping anything external. Internal devices ping fine.
I added a gateway for the LAN pointing at the WAN IP and can now ping both external and internal addresses fine from the OPN box. However, I still cannot access anything on the internet from any internal devices on any of the VLANs.
Any ideas on what I am doing wrong here?
Thanks!
Todd
hbc (Hero Member, Posts: 501, Karma: 47)
« Reply #1 on: March 19, 2019, 10:34:31 pm »
Your WAN has a private RFC1918 address (10.1.5.0/30). Did you untick the checkbox that blocks RFC1918 addresses on WAN? Or is it just a transfer network due to /30 and traffic is only public IP?
Usually it is the first rule on interface WAN.
« Last Edit: March 19, 2019, 10:38:40 pm by hbc »
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
greymatter313 (Newbie, Posts: 5, Karma: 0)
« Reply #2 on: March 19, 2019, 10:41:05 pm »
Apologies, maybe I didn't articulate that correctly. The link from the 3750 switch to the OPNsense box is still an internal VLAN. I just called it a WAN VLAN. Bad choice of words there, my apologies.
So the LAN port on the OPNsense box is connected to the Cisco 3750. The WAN port is connected directly to my cable modem. The 3750 is running L3 and handling all of the routing for the VLANs. These were already set up and are operating as expected.
greymatter313 (Newbie, Posts: 5, Karma: 0)
« Reply #3 on: March 20, 2019, 04:35:08 pm »
Found my issue. I'll explain what I needed in case other folks out there have the same problem.
So I thought that I was safe with the auto rules since there was one for LAN networks; I had assumed this would include all traffic from internal. This was not the case. I noticed that I was able to get to the internet from a console on my 3750 (GW) but nothing else internal, and figured I would try setting up an outbound NAT rule for 1 VLAN. Boom, everything was happy! In hindsight I actually prefer it like this, as I do have a couple of VLANs I do not want any traffic seeping out from.
Hope this helps someone out there.
I do have to say I am VERY impressed with OPNsense so far and kind of kicking myself for not doing this sooner!
I have already replaced my old ovpn server with the OPNsense box with MFA, very slick setup!
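The check below is an added example, not part of the thread or of OPNsense: it compares the subnets routed behind an L3 switch with the source networks of the outbound NAT rules, and flags both the symptom described above and the opposite mistake of one broad rule translating a VLAN that should stay internal. The VLAN subnets are constructed samples (the thread only gives 10.0.x.x/24), and the "automatic rules only" case assumes, as the poster describes, that only the directly attached transfer network is covered.

```python
import ipaddress

def audit_outbound_nat(routed, nat_sources, no_egress=()):
    """Classify each routed subnet by outbound NAT coverage.

    routed      -- subnets routed behind the L3 switch
    nat_sources -- source networks of the outbound NAT rules
    no_egress   -- subnets that must not reach the internet
    Returns {subnet: (status, finding)}.
    """
    rules = [ipaddress.ip_network(s) for s in nat_sources]
    isolated = {ipaddress.ip_network(s) for s in no_egress}
    report = {}
    for s in routed:
        net = ipaddress.ip_network(s)
        if any(net.subnet_of(r) for r in rules):
            status = "nat"        # every address is translated
        elif any(net.overlaps(r) for r in rules):
            status = "partial"    # a rule covers only part of it
        else:
            status = "none"       # leaves with its private source
        if net in isolated and status != "none":
            finding = "isolated VLAN is translated"
        elif net not in isolated and status != "nat":
            finding = "incomplete outbound NAT"
        else:
            finding = "ok"
        report[s] = (status, finding)
    return report

# Constructed sample topology: three VLANs plus the /30 transfer network.
ROUTED = ["10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24", "10.1.5.0/30"]
NO_EGRESS = ["10.0.30.0/24"]          # hypothetical internal-only VLAN

AUTO_ONLY = ["10.1.5.0/30"]           # assumption: attached network only
PER_VLAN = ["10.1.5.0/30", "10.0.10.0/24", "10.0.20.0/24"]
BROAD = ["10.0.0.0/8"]                # one catch-all rule

if __name__ == "__main__":
    for name, rules in [("auto", AUTO_ONLY), ("per-vlan", PER_VLAN),
                        ("broad", BROAD)]:
        print(name)
        for subnet, result in audit_outbound_nat(ROUTED, rules,
                                                 NO_EGRESS).items():
            print("  ", subnet, *result)
```

A missing NAT rule is not an access control by itself; a block rule on the LAN interface is what actually stops packets from the internal-only VLANs.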