I have a bunch of kit in a DC running through Cisco ASAs. This isn't really working out, as it relies on us creating, paying for and waiting on tickets concerning our network config.
I've installed a couple of R230s running pfSense, along with a couple of new switches.
The idea was to have the 2 (4) firewalls running side by side whilst we decide exactly how we want ruling to work on our pf boxes.
To test this out, on one of my servers I have the following config.
enp3s0f0: IP 10.66.82.16/24, GW 10.66.82.1
enp4s0f0: IP 10.44.50.100/24, GW 10.44.50.250
Now, with either one of these disabled, things work as I expect, i.e.:
enp3s0f0 enabled, enp4s0f0 disabled:
I can connect to the ASA VPN, and SSH (or otherwise connect to running apps)
enp3s0f0 disabled, enp4s0f0 enabled:
I can connect to the pfSense VPN, and SSH (or otherwise connect to running apps)
enp3s0f0 enabled, enp4s0f0 enabled:
If I connect to the pfSense VPN, I can connect via 10.44.50.100. Disconnecting from above, and connecting to the Cisco VPN, I can't connect to 10.66.82.16.
In all instances where I get no connection, it times out and is not rejected.
When both are enabled, the routes appear to be correctly added:
default via 10.44.50.250 dev enp4s0f0 proto static
default via 10.66.82.1 dev enp3s0f0 proto static
10.44.50.0/24 dev enp4s0f0 proto kernel scope link src 10.44.50.100
10.66.82.0/24 dev enp3s0f0 proto kernel scope link src 10.66.82.16
I literally have no idea where to head from here; most stuff I've read about seems to identify ip_forwarding as the issue. I've tried this but don't think it relates to my setup, on account of there being two discrete network cards.
Any help will go a looooong way!
Thanks! Dave.
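One standard way to deal with this on a dual-homed Linux host, as an added example that is not part of Dave's post: give each NIC its own routing table and select it by source address with `ip rule`, so a reply to a request that arrived via the ASA side leaves via the ASA side again instead of via whichever default route happens to be listed first (a stateful firewall on the other path then sees only half the flow and drops it, which shows up as a timeout rather than a reject). Interface names and addresses are the ones from the post; the table ids 100/200 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Source-based policy routing for a
# dual-homed Linux host: each NIC gets a dedicated routing table so replies leave
# through the interface (and firewall) the request came in on. Addresses and
# interface names are from the post; table ids 100/200 are constructed.

# count_default_routes ROUTE_TEXT: number of default routes in a routing-table
# dump. More than one in the main table is the tell-tale of asymmetric routing.
count_default_routes() {
    printf '%s\n' "$1" | grep -c '^default via' || true
}

# pbr_commands IFACE ADDR NET/PREFIX GW TABLE: print the iproute2 commands that
# pin traffic sourced from ADDR to its own gateway via a dedicated table.
pbr_commands() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    printf 'ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    printf 'ip rule add from %s/32 table %s priority %s\n' "$addr" "$table" "$table"
}

# Constructed copy of the main routing table quoted in the post.
SAMPLE_ROUTES='default via 10.44.50.250 dev enp4s0f0 proto static
default via 10.66.82.1 dev enp3s0f0 proto static
10.44.50.0/24 dev enp4s0f0 proto kernel scope link src 10.44.50.100
10.66.82.0/24 dev enp3s0f0 proto kernel scope link src 10.66.82.16'

# plan: the full set of commands for both NICs (ASA side -> table 100,
# pfSense side -> table 200). Connections the host itself originates with no
# bound source address still follow the first default route in the main table.
plan() {
    pbr_commands enp3s0f0 10.66.82.16  10.66.82.0/24 10.66.82.1   100
    pbr_commands enp4s0f0 10.44.50.100 10.44.50.0/24 10.44.50.250 200
}

if [ "$(count_default_routes "$SAMPLE_ROUTES")" -gt 1 ]; then
    echo "warning: $(count_default_routes "$SAMPLE_ROUTES") default routes in main" \
         "table; replies from the second-listed NIC will leave via the first" >&2
fi

if [ "${1:-}" = "--apply" ]; then
    plan | sh -e          # run as root on the dual-homed host
else
    plan                  # dry run: print the commands only
fi
```

Run without arguments to review the commands, then with `--apply` as root; `ip rule show` and `ip route show table 100` afterwards confirm the per-source tables are in place.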