• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!

Scheduled Pinned Locked Moved IPsec
4 Posts 3 Posters 2.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    waiven
    last edited by May 2, 2008, 2:30 AM May 2, 2008, 2:28 AM

    I can't connet the IPsec when my pfsense connet to Zyxel firewall!!!!
    is it "My identifier" problem? can I use "user FQDN"?

    pfsense side network IP: unknown (Dynamic IP)
    Zyxel side network IP: know (xxx.xxx.xxx.xxx)

    I use aggressive mode, I mark xxx.xxx.xxx.xxx on the pfsense.

    ZyXEL Config:
    Encryption Algorithm: 3DES
    Authentication Algorithm: MD5
    SA Life Time (Seconds): 28800
    Key Group: DH2
    Pre-Shared Key: it is the key
    Enable Replay Detection: Yes
    Enable Multiple Proposals: Yes

    pfsense Config:
    Encryption algorithm: 3DES
    Hash algorithm: MD5
    DH key group: 2
    Authentication method: Pre-shared Key
    Pre-Shared Key: it is the key
    Protocol: ESP
    Encryption algorithms: 3DES
    Hash algorithms: MD5
    PFS key group: 2

    ps: if Zyxel connet pfsense, use Aggressive, use same config, is ok~~~

    1 Reply Last reply Reply Quote 0
    • H
      hoba
      last edited by May 2, 2008, 11:55 AM

      You should use an identifier other than ip for the pfSense end. However this identifier has to be added to the zyxel to identify/authenticate the connection. Check your Zyxel manpage how to do this and what identifiers are supported.

      1 Reply Last reply Reply Quote 0
      • W
        waiven
        last edited by May 3, 2008, 3:16 AM

        Thank you for your answer!!!!
        Is it enter Zyxel side network IP(xxx.xxx.xxx.xxx) in the "My identifier" of pfsense???

        1 Reply Last reply Reply Quote 0
        • D
          dusan
          last edited by May 3, 2008, 10:38 AM

          Don't use IP address, it is dynamic. Try other identifier types.

          1 Reply Last reply Reply Quote 0
          3 out of 4
          • First post
            3/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received