PfSense 2.0 IPSEC Tunnel to CISCO IOS - FREEZE
-
Hi, I've configured a tunnel from pfSense 2.0 RELEASE to a CISCO IOS (no control over this end).
Phase 1 and 2 come up correctly (phase 2 stays up only if I supply an IP to ping).
As soon as I generate some traffic, ANY traffic (ping, RDP..) on the tunnel, pfSense freezes, console included.I've tried changing the Ethernet cards, downgrading to 2.0 RC3, different hardware, but got the same behavior.
I only got it to work on a Soekris 4801 with a crypto card expansion, but I'd like to go back to a full tower, as the Soekris is rather slow, occasionally hangs a few minutes at a time and Wake On LAN doesn't seem to work..
I should mention that the IPSec is configured on a physical interface with a static IP, as I couldn't figure out how to it with a virtual one.
It seems my issue strongly resembles this http://forum.pfsense.org/index.php?topic=33167.0;prev_next=prev posts' … may be of some help to whomever digs into this one...
By now I'm considering going back to 1.2.3, but as that may take some time to setup (no config backporting), I hoped someone may be of help.
Thank you in advance.
-
sorry for bump
::)
-
If you can post or PM me with the Cisco config that you are using, I will test it on a Cisco 2850 to pfSense on an Alix board. That way, I can see if the problem can be recreated.
That seems odd that it freezes the pfSense box on different hardware. You may need to do two things, run wireshark on the pfSense side, and send the pfSense logs to an external syslog server.
-
There are at least 15 different systems running IPsec to IOS on 2.0 release that I've setup personally, probably hundreds or thousands total, so it's not really that easy. I first suspected some kind of issue with the crypto card, but completely changing out hardware, unless you moved over the crypto card (did you?), would probably rule that out. That linked thread has no relation at all to what you're seeing, the patch that caused that is long gone.