Problem with Mobile IPsec
-
Hi all, i try to setup a Road Warrior Ipsec vpn on 1.2.3-RELEASE , i have follow the step by step in the pfsense book, with the Shrew Soft client, but i got into these problem below: ???
May 16 16:11:38 racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: ...[500]<=>...[500]
May 16 16:11:38 racoon: INFO: begin Aggressive mode.
May 16 16:11:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
May 16 16:11:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
May 16 16:11:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
May 16 16:11:38 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
May 16 16:11:38 racoon: INFO: received Vendor ID: RFC 3947
May 16 16:11:38 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
May 16 16:11:38 racoon: INFO: received Vendor ID: DPD
May 16 16:11:38 racoon: INFO: received Vendor ID: CISCO-UNITY
May 16 16:11:38 racoon: ERROR: ignore information because ISAKMP-SAhas not been established yet.anybody can help me with this?
thank you
-
Hi,
pfsense 1.2.3 dont support nat-t.
Limitations
NAT-T is not supported until version 2.0, which means mobile clients behind NAT are not supported. This limits pfSense's usefulness with mobile IPsec clients. OpenVPN or PPTP is a better solution.
Alternatively use Openvpn or pfsense v2 .
cya