I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!
-
I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!
is it "My identifier" problem? can I use "user FQDN"?pfsense side network IP: unknown (Dynamic IP)
Zyxel side network IP: know (xxx.xxx.xxx.xxx)I use aggressive mode, I mark xxx.xxx.xxx.xxx on the pfsense.
ZyXEL Config:
Encryption Algorithm: 3DES
Authentication Algorithm: MD5
SA Life Time (Seconds): 28800
Key Group: DH2
Pre-Shared Key: it is the key
Enable Replay Detection: Yes
Enable Multiple Proposals: Yespfsense Config:
Encryption algorithm: 3DES
Hash algorithm: MD5
DH key group: 2
Authentication method: Pre-shared Key
Pre-Shared Key: it is the key
Protocol: ESP
Encryption algorithms: 3DES
Hash algorithms: MD5
PFS key group: 2ps: if Zyxel connet pfsense, use Aggressive, use same config, is ok~~~
-
You should use an identifier other than ip for the pfSense end. However this identifier has to be added to the zyxel to identify/authenticate the connection. Check your Zyxel manpage how to do this and what identifiers are supported.
-
Thank you for your answer!!!!
Is it enter Zyxel side network IP(xxx.xxx.xxx.xxx) in the "My identifier" of pfsense??? -
Don't use IP address, it is dynamic. Try other identifier types.