Wifi – Using PFSense to securely connect two networks

pfsense, pptp, wifi

At our local office we have a WAN connection which we break off into two VLANs using a Cisco RVS4000 Router: Our main gigabit ethernet wired network 10.1.0.0/24 and a wireless network 172.16.1.0/24.

Attached to both networks is a PFSense box. I would like to use this PFSense box to set up a way for specific wireless users to securely access the wired network. I was thinking of doing this with a PPTP VPN, but I am open to other suggestions.

The Cisco RVS4000 has replaced the PFSense box. Previously this PFSense box was acting as the router and had both a LAN and an OPT1 network, and wireless clients on OPT1 could connect via PPTP to the LAN network. But I am unsure of how to configure a similar setup now that the PFSense box isn't acting as a router/NAT system. Should the PFSense's WAN port be connected to the wired network or the wireless network? Or should I drop PFSense and use a different system altogether?

Best Answer

You can keep pfSense doing that. WAN should always point to the side where your default gateway resides. The other network can stay OPT1 or be LAN. Then configure your rules accordingly so users can only hit your VPN and the Internet. May want to disable NAT in that scenario so the edge RVS4000 sees the true source IPs (Enable advanced outbound NAT, delete auto-added rule). Will need static route on RVS4000 in that case.
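The rule ordering that "users can only hit your VPN and the Internet" implies, as an added example that is not part of the original answer: a small first-match evaluator in the style of pfSense interface rules, showing that the block for the wired network must sit above the allow-any rule. The two subnets come from the question; the pfSense wireless-side address 172.16.1.2 and the extra rule protecting the firewall's own services are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

WIRED = ipaddress.ip_network("10.1.0.0/24")        # wired network, from the question
WIRELESS = ipaddress.ip_network("172.16.1.0/24")   # wireless network, from the question
VPN_HOST = ipaddress.ip_network("172.16.1.2/32")   # assumed pfSense address on wireless
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: str                   # "tcp", "gre" or "any"
    dst: ipaddress.IPv4Network
    port: Optional[int] = None   # None matches any port
    note: str = ""

def evaluate(rules, src, dst, proto, port=None):
    """First matching rule wins; anything unmatched is denied by default."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in WIRELESS:
        return "block"           # source does not belong on this interface
    for r in rules:
        if r.proto in ("any", proto) and dst_ip in r.dst \
                and (r.port is None or r.port == port):
            return r.action
    return "block"

# Rules for the pfSense interface facing the wireless network, top to bottom.
GOOD = [
    Rule("pass", "tcp", VPN_HOST, 1723, "PPTP control channel"),
    Rule("pass", "gre", VPN_HOST, None, "PPTP tunnel (IP protocol 47)"),
    Rule("block", "any", VPN_HOST, None, "no GUI/SSH from wireless (assumed extra)"),
    Rule("block", "any", WIRED, None, "no direct path to the wired network"),
    Rule("pass", "any", ANY, None, "everything else, i.e. the Internet"),
]
# Same rules with the allow-any moved above the wired-network block.
BAD = GOOD[:3] + [GOOD[4], GOOD[3]]

if __name__ == "__main__":
    client = "172.16.1.50"       # constructed wireless client address
    probes = [("172.16.1.2", "tcp", 1723), ("10.1.0.10", "tcp", 445),
              ("203.0.113.10", "tcp", 443)]
    for dst, proto, port in probes:
        print(dst, proto, port, "good:", evaluate(GOOD, client, dst, proto, port),
              "bad:", evaluate(BAD, client, dst, proto, port))
```

With the misordered set, a wireless client reaches 10.1.0.10 directly and the VPN no longer gates access to the wired side.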