Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!

Locked IPsec

4 Posts 3 Posters 2.5k Views

Log in to reply

W

waiven
last edited by May 2, 2008, 2:30 AM May 2, 2008, 2:28 AM

I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!
is it "My identifier" problem? can I use "user FQDN"?

pfsense side network IP: unknown (Dynamic IP)
Zyxel side network IP: know (xxx.xxx.xxx.xxx)

I use aggressive mode, I mark xxx.xxx.xxx.xxx on the pfsense.

ZyXEL Config:
Encryption Algorithm: 3DES
Authentication Algorithm: MD5
SA Life Time (Seconds): 28800
Key Group: DH2
Pre-Shared Key: it is the key
Enable Replay Detection: Yes
Enable Multiple Proposals: Yes

pfsense Config:
Encryption algorithm: 3DES
Hash algorithm: MD5
DH key group: 2
Authentication method: Pre-shared Key
Pre-Shared Key: it is the key
Protocol: ESP
Encryption algorithms: 3DES
Hash algorithms: MD5
PFS key group: 2

ps: if Zyxel connet pfsense, use Aggressive, use same config, is ok~~~
1 Reply Last reply
Reply Quote 0
H

hoba
last edited by May 2, 2008, 11:55 AM

You should use an identifier other than ip for the pfSense end. However this identifier has to be added to the zyxel to identify/authenticate the connection. Check your Zyxel manpage how to do this and what identifiers are supported.
1 Reply Last reply
Reply Quote 0
W

waiven
last edited by May 3, 2008, 3:16 AM

Thank you for your answer!!!!
Is it enter Zyxel side network IP(xxx.xxx.xxx.xxx) in the "My identifier" of pfsense???
1 Reply Last reply
Reply Quote 0
D

dusan
last edited by May 3, 2008, 10:38 AM

Don't use IP address, it is dynamic. Try other identifier types.
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1