At our local office we have a WAN connection which we break off into two VLANs using a Cisco RVS4000 router: our main gigabit Ethernet wired network 10.1.0.0/24 and a wireless network 172.16.1.0/24.

Attached to both networks is a pfSense box. I would like to use this pfSense box to set up a way for specific wireless users to securely access the wired network. I was thinking of doing this with a PPTP VPN, but I am open to other suggestions.

The Cisco RVS4000 has replaced the pfSense box. Previously this pfSense box was acting as the router and had both a LAN and an OPT1 network, and wireless clients on OPT1 could connect via PPTP to the LAN network. But I am unsure of how to configure a similar setup now that the pfSense box isn't acting as a router/NAT system. Should the pfSense's WAN port be connected to the wired network or the wireless network? Or should I drop pfSense and use a different system altogether?

Josh
  • Are these wireless users guests on your network using your Internet connection? What resources do you want to give them access to on the LAN? – gravyface Aug 17 '10 at 01:16
  • @gravyface: Some are guests, some are users who have workstations on the LAN, but might be using a wireless device, so I want to authenticate the users via PPTP or some other mechanism and give them full access to the LAN, but no access to guests. – Josh Aug 17 '10 at 03:00

1 Answer

You can keep pfSense doing that. WAN should always point to the side where your default gateway resides. The other network can stay OPT1 or be LAN. Then configure your rules accordingly so users can only hit your VPN and the Internet. May want to disable NAT in that scenario so the edge RVS4000 sees the true source IPs (Enable advanced outbound NAT, delete auto-added rule). Will need static route on RVS4000 in that case.

Chris Buechler
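The rule ordering the answer asks for ("users can only hit your VPN and the Internet") can be checked on paper before it is clicked into the firewall. The following is an added example, not part of the original answer and not pfSense's own code: it models a first-match rule list for traffic arriving from wireless clients and shows that a misplaced catch-all pass rule exposes the wired LAN. The address 172.16.1.2 for the pfSense interface on the wireless VLAN and the probe hosts are assumptions.

```python
import ipaddress

WIRED = ipaddress.ip_network("10.1.0.0/24")           # wired LAN, from the question
VPN_ENDPOINT = ipaddress.ip_network("172.16.1.2/32")  # assumed pfSense address on the wireless VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules for packets arriving from wireless clients, evaluated top-down, first match wins.
# Fields: action, protocol (None = any), destination network, destination port (None = any).
RULES = [
    ("pass",  "tcp", VPN_ENDPOINT, 1723),  # PPTP control channel
    ("pass",  "gre", VPN_ENDPOINT, None),  # PPTP tunnel data (IP protocol 47)
    ("block", None,  VPN_ENDPOINT, None),  # anything else aimed at the firewall itself
    ("block", None,  WIRED,        None),  # no direct wireless -> wired traffic
    ("pass",  None,  ANY,          None),  # everything else: Internet
]

def evaluate(rules, proto, dst, port=None):
    """Return the action of the first matching rule; default deny if none match."""
    dst = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in rules:
        if r_proto not in (None, proto):
            continue
        if dst not in r_net:
            continue
        if r_port not in (None, port):
            continue
        return action
    return "block"

def leaks_to_wired(rules):
    """True if any constructed unauthenticated probe toward the wired LAN is passed."""
    probes = [("tcp", "10.1.0.10", 445), ("udp", "10.1.0.1", 53), ("icmp", "10.1.0.10", None)]
    return any(evaluate(rules, p, d, port) == "pass" for p, d, port in probes)

if __name__ == "__main__":
    # Constructed sample flows from a wireless client.
    for flow in [("tcp", "172.16.1.2", 1723), ("gre", "172.16.1.2", None),
                 ("tcp", "172.16.1.2", 443), ("tcp", "10.1.0.10", 445),
                 ("tcp", "198.51.100.7", 443)]:
        print(flow, "->", evaluate(RULES, *flow))
    # Same rules with the catch-all pass moved to the top: the block rules are shadowed.
    misordered = [RULES[-1]] + RULES[:-1]
    print("ordered rules leak:", leaks_to_wired(RULES))
    print("misordered rules leak:", leaks_to_wired(misordered))
```

Authenticated users reach 10.1.0.0/24 only through the tunnel, so their traffic is governed by the rules on the VPN interface rather than by this list.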