VPN IPsec GRE: Cisco <-> pfSense
-
I think I am having the same issue as yourself.
I can get a basic GRE tunnel established and ping from my Cisco 887 to the pfSense box (10.0.10.2 to 10.0.10.1 are the tunnel IPs), but once I initiate a connection and bring up the IPsec part I can no longer ping.
I have also seen the same event in the log of the Cisco 887.
-
Here is what I think is all the information you have requested.
Thank you for looking into this. BTW, it is possible, isn't it?
-
It is possible, yes. Though your WAN is behind NAT, and that won't work properly with transport mode IPsec as far as I'm aware. You need to have a public address on both sides of the tunnel, or IPsec has no hope of working in transport mode.
-
The WAN IP address on pfSense is 10.250.0.2 in the post above, which is not a public address. Both IPsec endpoints must have a public address for transport mode IPsec to work.
-
We might want to split this up, as my config seems to be different from the other poster's.
Also, I am running Tunnel IPv4; would that not work?
-
It may be a different issue.
You can't run GRE from pfSense to a remote using tunnel mode, only transport. Or if it is possible, I've never seen it work. I expect the Cisco end would require transport mode for that as well.
I'll attempt to split the thread.
-
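To make the transport-mode point above concrete, here is an added example Cisco IOS configuration for GRE protected by IPsec in transport mode. It is not from this thread or from either poster; it assumes both ends have public addresses with no NAT in front of them (203.0.113.10 on the Cisco's Dialer1, 198.51.100.20 on the pfSense WAN), uses the tunnel addresses 10.0.10.2 and 10.0.10.1 from the post, and assumes IOS 15.x syntax. The PSK, the interface names and the 192.168.50.0/24 LAN prefix are placeholders.

```text
! Added example, not from the thread. Assumed: Cisco WAN is Dialer1 with public
! 203.0.113.10, pfSense WAN has public 198.51.100.20 (no NAT on either side),
! tunnel addresses 10.0.10.2 (Cisco) and 10.0.10.1 (pfSense) as in the post,
! IOS 15.x syntax. Replace the PSK with a long random value.

! --- Phase 1 (IKEv1): must match the pfSense Phase 1 (AES-256, SHA-256, DH 14, PSK)
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp key ReplaceWithLongRandomPSK address 198.51.100.20

! --- Phase 2: "mode transport" is the setting that matters for GRE over IPsec.
! Leaving the IOS default (tunnel mode) here, or "Tunnel IPv4" in the pfSense
! Phase 2, means the GRE packets do not match the SA and the tunnel pings stop
! as soon as IPsec comes up.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROF
 set transform-set GRE-TS

! --- GRE tunnel, encrypted by the profile above
interface Tunnel0
 ip address 10.0.10.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel destination 198.51.100.20
 tunnel mode gre ip
 tunnel protection ipsec profile GRE-PROF

! --- Route the pfSense LAN over the tunnel (prefix is an assumption)
ip route 192.168.50.0 255.255.255.0 Tunnel0

! --- Checks once IPsec is up (the symptom in the post is these failing)
! show crypto isakmp sa                    -> QM_IDLE for 198.51.100.20
! show crypto ipsec sa peer 198.51.100.20  -> #pkts encaps and #pkts decaps both increasing
! ping 10.0.10.1 source 10.0.10.2          -> must still succeed with the SA up
```

On the pfSense side the matching pieces are a Phase 1 to 203.0.113.10 with the same PSK and algorithms, a Phase 2 with Mode set to Transport and Protocol ESP (not Tunnel IPv4), a GRE interface under Interfaces > Assign > GRE with local address 198.51.100.20, remote 203.0.113.10, tunnel local 10.0.10.1/30 and tunnel remote 10.0.10.2, and firewall rules on the IPsec tab and on the assigned GRE interface. If the pfSense WAN still carries a private address such as 10.250.0.2 behind another device's NAT, this configuration cannot simply be adapted; as the replies above say, both endpoints need a public address for transport mode to work.
-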
In order to get the spare public IP on the pfSense box, I am thinking of moving the outside interface into an L2 VLAN.
However, my Cisco ASA is doing the PPPoE to the ISP, so I am sensing that the routing from this secondary link isn't going to work. I could maybe use the pfSense box to do the PPPoE, couldn't I?