Netgate Discussion Forum

    [Solved] IPsec VPN configuration pfSense > CISCO ASA

    • marcelloc

      Focus on this part here:

      May 17 20:58:00 charon 13[IKE] <76> 200.196.59.yyy is initiating a Main Mode IKE_SA
      May 17 20:58:00 charon 13[IKE] <76> IKE_SA (unnamed)[76] state change: CREATED => CONNECTING
      May 17 20:58:00 charon 13[CFG] <76> selecting proposal:
      May 17 20:58:00 charon 13[CFG] <76> no acceptable ENCRYPTION_ALGORITHM found

      Elite Training: http://sys-squad.com

      Help a community developer! ;D

      • wesleylc1 Rebel Alliance

        @marcelloc:

        Focus on this part here:

        May 17 20:58:00 charon 13[IKE] <76> 200.196.59.yyy is initiating a Main Mode IKE_SA
        May 17 20:58:00 charon 13[IKE] <76> IKE_SA (unnamed)[76] state change: CREATED => CONNECTING
        May 17 20:58:00 charon 13[CFG] <76> selecting proposal:
        May 17 20:58:00 charon 13[CFG] <76> no acceptable ENCRYPTION_ALGORITHM found

        Marcello, good morning.

        That part refers to the tunnel that is already working. I collected another log that has the exchange attempt between the endpoints that are having problems.

        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing ISAKMP_VENDOR task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing ISAKMP_CERT_PRE task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing MAIN_MODE task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing ISAKMP_CERT_POST task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing ISAKMP_NATD task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>queueing QUICK_MODE task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating new tasks
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating ISAKMP_VENDOR task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating ISAKMP_CERT_PRE task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating MAIN_MODE task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating ISAKMP_CERT_POST task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>activating ISAKMP_NATD task
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>sending XAuth vendor ID
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>sending DPD vendor ID
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>sending FRAGMENTATION vendor ID
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>sending NAT-T (RFC 3947) vendor ID
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>initiating Main Mode IKE_SA con2000[7] to 201.77.217.70
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>IKE_SA con2000[7] state change: CREATED => CONNECTING
        May 18 09:23:53 PRJGWSP charon: 11[CFG] <con2000|7>configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        May 18 09:23:53 PRJGWSP charon: 11[ENC] <con2000|7>generating ID_PROT request 0 [ SA V V V V V ]
        May 18 09:23:53 PRJGWSP charon: 11[NET] <con2000|7>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (176 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (116 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>parsed ID_PROT response 0 [ SA V V ]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received NAT-T (RFC 3947) vendor ID
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received FRAGMENTATION vendor ID
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>selecting proposal:
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>proposal matches55.248
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>reinitiating already active tasks
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>ISAKMP_VENDOR task
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>MAIN_MODE task
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (244 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (304 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received Cisco Unity vendor ID
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received XAuth vendor ID
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>received unknown vendor ID: fb:21:43:f4:06:1f:2b:6f:f0:1b:c0:61:cb:f7:43:df
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>reinitiating already active tasks
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>ISAKMP_VENDOR task
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>MAIN_MODE task
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (100 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (84 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>parsed ID_PROT response 0 [ ID HASH V ]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received DPD vendor ID
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] established between 187.75.209.246[187.75.209.246]…201.77.217.70[201.77.217.70]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] state change: CONNECTING => ESTABLISHED
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>activating new tasks
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>activating QUICK_MODE task
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_768/NO_EXT_SEQ
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_768/NO_EXT_SEQ
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_768/NO_EXT_SEQ
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>proposing traffic selectors for us:
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>192.168.40.0/22|/0
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>proposing traffic selectors for other:
        May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>172.20.3.224/29|/0
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>generating QUICK_MODE request 2020508884 [ HASH SA No KE ID ID ]
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (268 bytes)
        May 18 09:23:53 PRJGWSP charon: 11[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (92 bytes)
        May 18 09:23:53 PRJGWSP charon: 11[ENC] <con2000|7>parsed INFORMATIONAL_V1 request 2948734236 [ HASH N((24576)) ]
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>received (24576) notify
        May 18 09:23:53 PRJGWSP charon: 11[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (308 bytes)
        May 18 09:23:53 PRJGWSP charon: 11[ENC] <con2000|7>parsed INFORMATIONAL_V1 request 2489781574 [ HASH N(INVAL_ID) ]
        May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>received INVALID_ID_INFORMATION error notify
        May 18 09:23:53 PRJGWSP charon: 11[CHD] <con2000|7>CHILD_SA con2000{47} state change: CREATED => DESTROYING
        May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (84 bytes)
        May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>parsed INFORMATIONAL_V1 request 2777439799 [ HASH D ]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received DELETE for IKE_SA con2000[7]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>deleting IKE_SA con2000[7] between 187.75.209.XXX[187.75.209.XXX]…201.77.217.YY[201.77.217.YY]
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] state change: ESTABLISHED => DELETING
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] state change: DELETING => DELETING
        May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] state change: DELETING => DESTROYING
        May 18 09:23:53 PRJGWSP charon: 07[CFG] vici client 213 connected
        May 18 09:23:53 PRJGWSP charon: 11[CFG] vici client 213 registered for: list-sa
        May 18 09:23:53 PRJGWSP charon: 11[CFG] vici client 213 requests: list-sas
        May 18 09:23:53 PRJGWSP charon: 11[CFG] vici client 213 disconnected
        May 18 09:23:58 PRJGWSP charon: 11[CFG] vici client 214 connected
        May 18 09:23:58 PRJGWSP charon: 06[CFG] vici client 214 registered for: list-sa
        May 18 09:23:58 PRJGWSP charon: 06[CFG] vici client 214 requests: list-sas
        May 18 09:23:58 PRJGWSP charon: 06[CFG] vici client 214 disconnected
        May 18 09:24:03 PRJGWSP charon: 15[CFG] vici client 215 connected
        May 18 09:24:03 PRJGWSP charon: 06[CFG] vici client 215 registered for: list-sa
        May 18 09:24:03 PRJGWSP charon: 16[CFG] vici client 215 requests: list-sas
        May 18 09:24:03 PRJGWSP charon: 16[CFG] vici client 215 disconnected
        May 18 09:24:08 PRJGWSP charon: 15[CFG] vici client 216 connected
        May 18 09:24:08 PRJGWSP charon: 10[CFG] vici client 216 registered for: list-sa
        May 18 09:24:08 PRJGWSP charon: 10[CFG] vici client 216 requests: list-sas
        May 18 09:24:08 PRJGWSP charon: 15[CFG] vici client 216 disconnected
        May 18 09:24:13 PRJGWSP charon: 10[CFG] vici client 217 connected
        May 18 09:24:13 PRJGWSP charon: 12[CFG] vici client 217 registered for: list-sa
        May 18 09:24:13 PRJGWSP charon: 12[CFG] vici client 217 requests: list-sas
        May 18 09:24:13 PRJGWSP charon: 12[CFG] vici client 217 disconnected
        May 18 09:24:18 PRJGWSP charon: 10[CFG] vici client 218 connected
        May 18 09:24:18 PRJGWSP charon: 15[CFG] vici client 218 registered for: list-sa
        May 18 09:24:18 PRJGWSP charon: 10[CFG] vici client 218 requests: list-sas
        May 18 09:24:18 PRJGWSP charon: 10[CFG] vici client 218 disconnected
        May 18 09:24:23 PRJGWSP charon: 15[CFG] vici client 219 connected
        May 18 09:24:23 PRJGWSP charon: 09[CFG] vici client 219 registered for: list-sa
        May 18 09:24:23 PRJGWSP charon: 09[CFG] vici client 219 requests: list-sas
        May 18 09:24:23 PRJGWSP charon: 10[CFG] vici client 219 disconnected

        • wesleylc1 Rebel Alliance

          Hello, good evening everyone.
          I really need a solution for this case; can anyone try to help me?

          Regards,
          Wesley

          • marcelloc

            
            May 18 09:23:53 PRJGWSP charon: 11[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (308 bytes)
            May 18 09:23:53 PRJGWSP charon: 11[ENC] <con2000|7>parsed INFORMATIONAL_V1 request 2489781574 [ HASH N(INVAL_ID) ]
            May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>received INVALID_ID_INFORMATION error notify
            May 18 09:23:53 PRJGWSP charon: 11[CHD] <con2000|7>CHILD_SA con2000{47} state change: CREATED => DESTROYING
            May 18 09:23:53 PRJGWSP charon: 07[NET] <con2000|7>received packet: from 201.77.217.YY[500] to 187.75.209.XXX[500] (84 bytes)
            May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>parsed INFORMATIONAL_V1 request 2777439799 [ HASH D ]
            May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received DELETE for IKE_SA con2000[7]
            

            If this excerpt is part of the tunnel with the problem, look at these invalid HASH errors.

            • wesleylc1 Rebel Alliance

              Marcello, good morning.

              Do the HASH errors you mentioned in your last reply refer to the settings in this attached screenshot?

              ipsec-1.png

              • wesleylc1 Rebel Alliance

                After changing to IKEv2 my internet went down and it started generating a lot of logs.

                May 21 11:04:23 PRJGWSP charon: 14[IKE] <con2|51>retransmit 4 of request with message ID 0
                May 21 11:04:23 PRJGWSP charon: 14[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:05:05 PRJGWSP charon: 16[IKE] <con2|51>retransmit 5 of request with message ID 0
                May 21 11:05:05 PRJGWSP charon: 16[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>giving up after 5 retransmits
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>peer not responding, trying again (3/3)
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>IKE_SA con2[51] state change: CONNECTING => CREATED
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating new tasks
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_VENDOR task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_INIT task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_NATD task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_CERT_PRE task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_AUTH task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_CERT_POST task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_CONFIG task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating CHILD_CREATE task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>activating IKE_AUTH_LIFETIME task
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>initiating IKE_SA con2[51] to 201.77.217.YY
                May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>IKE_SA con2[51] state change: CREATED => CONNECTING
                May 21 11:06:21 PRJGWSP charon: 16[CFG] <con2|51>configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
                May 21 11:06:21 PRJGWSP charon: 16[CFG] <con2|51>sending supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
                May 21 11:06:21 PRJGWSP charon: 16[ENC] <con2|51>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
                May 21 11:06:21 PRJGWSP charon: 16[NET] <con2|51>sending packet: from 187.75.209.XX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:06:25 PRJGWSP charon: 12[IKE] <con2|51>retransmit 1 of request with message ID 0
                May 21 11:06:25 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:06:32 PRJGWSP charon: 12[IKE] <con2|51>retransmit 2 of request with message ID 0
                May 21 11:06:32 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:06:45 PRJGWSP charon: 12[IKE] <con2|51>retransmit 3 of request with message ID 0
                May 21 11:06:45 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:07:08 PRJGWSP charon: 12[IKE] <con2|51>retransmit 4 of request with message ID 0
                May 21 11:07:08 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                May 21 11:07:34 PRJGWSP charon: 12[KNL] creating rekey job for CHILD_SA ESP/0xc5eb5eae/200.196.59.134
                May 21 11:07:34 PRJGWSP charon: 12[IKE] <con1000|27>activating new tasks
                May 21 11:07:34 PRJGWSP charon: 12[IKE] <con1000|27>nothing to initiate

                • marcelloc

                  @wesleylc1:

                  May 21 11:06:21 PRJGWSP charon: 16[NET] <con2|51>sending packet: from 187.75.209.XX[500] to 201.77.217.YY[500] (334 bytes)
                  May 21 11:06:25 PRJGWSP charon: 12[IKE] <con2|51>retransmit 1 of request with message ID 0
                  May 21 11:06:25 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                  May 21 11:06:32 PRJGWSP charon: 12[IKE] <con2|51>retransmit 2 of request with message ID 0
                  May 21 11:06:32 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                  May 21 11:06:45 PRJGWSP charon: 12[IKE] <con2|51>retransmit 3 of request with message ID 0
                  May 21 11:06:45 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                  May 21 11:07:08 PRJGWSP charon: 12[IKE] <con2|51>retransmit 4 of request with message ID 0
                  May 21 11:07:08 PRJGWSP charon: 12[NET] <con2|51>sending packet: from 187.75.209.XXX[500] to 201.77.217.YY[500] (334 bytes)
                  May 21 11:07:34 PRJGWSP charon: 12[KNL] creating rekey job for CHILD_SA ESP/0xc5eb5eae/200.196.59.134

                  In this part of the log, the other end is apparently ignoring you. 4 transmissions without any response.

                  • wesleylc1 Rebel Alliance

                    Now there is communication, but his end, because of some rule, does not reply to my request?

                    And why is my internet going down?

                    • wesleylc1 Rebel Alliance

                      Marcelo, now when I enable the tunnel it returns the logs below and my internet connection becomes unavailable.

                      May 21 11:33:08 charon 08[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}
                      May 21 11:33:08 charon 12[CFG] ignoring acquire, connection attempt pending
                      May 21 11:33:08 charon 12[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}
                      May 21 11:33:08 charon 12[CFG] ignoring acquire, connection attempt pending
                      May 21 11:33:08 charon 12[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}
                      May 21 11:33:08 charon 08[CFG] ignoring acquire, connection attempt pending
                      May 21 11:33:08 charon 12[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}
                      May 21 11:33:08 charon 16[CFG] ignoring acquire, connection attempt pending
                      May 21 11:33:08 charon 16[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}
                      May 21 11:33:08 charon 16[CFG] ignoring acquire, connection attempt pending
                      May 21 11:33:09 charon 16[KNL] creating acquire job for policy 187.75.209.XXX/32|/0 === 201.77.217.YY/32|/0 with reqid {31}

                      • wesleylc1 Rebel Alliance

                        Marcelo, good afternoon.

                        Do you suggest I try any other procedure?

                        • marcelloc

                          Personally, I have never seen the internet go down when IPsec is enabled.

                          • wesleylc1 Rebel Alliance

                            It is not going down when IPsec is enabled; it loses connectivity when I enable this tunnel. I already have IPsec enabled.

                            • wesleylc1 Rebel Alliance

                              Dear all, good afternoon.

                              Does anyone have any other tips to try to help me?

                              • wesleylc1 Rebel Alliance

                                @marcelloc said in IPsec VPN configuration pfSense > CISCO ASA:

                                mask the real IPs in your log

                                Marcello, good afternoon.
                                Today I managed to solve this VPN problem.
                                Attached is a screenshot with the steps I took to get it working.

                                Thank you for your attention.
                                0_1527277775746_NAT.png

                                • marcelloc

                                  Did you need to do NAT on the tunnel?

                                  • wesleylc1 Rebel Alliance @marcelloc

                                    @marcelloc Yes, it only worked after configuring NAT.

                                    • marcelloc @wesleylc1

                                      @wesleylc1, NAT configuration is only necessary when your network range also exists at the other end of the tunnel.

                                      • wesleylc1 Rebel Alliance @marcelloc

                                        @marcelloc Yes, the other end of the tunnel has it too.
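
Added example (not written by either poster, and not pfSense or strongSwan code): a small triage script that groups charon log lines by SA tag and reports where each negotiation stopped, including the traffic selectors that were proposed when the peer answered Quick Mode with INVALID_ID_INFORMATION. The sample lines are abridged from the logs posted in this thread; the function names and the stage and cause labels are this example's own.

```python
import re
from collections import defaultdict

# Matches both layouts seen in the thread: "charon 13[IKE] <76> msg" and
# "HOST charon: 11[IKE] <con2000|7>msg" (the space after '>' may be missing).
LINE_RE = re.compile(
    r"charon:?\s+\d+\[(?P<sub>[A-Z]+)\]\s+(?:<(?P<sa>[^>]+)>)?\s*(?P<msg>.*)$"
)
SELECTOR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\|")

# Sample input: lines abridged from the logs posted in the thread.
SAMPLE_LOG = """
May 17 20:58:00 charon 13[IKE] <76> 200.196.59.yyy is initiating a Main Mode IKE_SA
May 17 20:58:00 charon 13[CFG] <76> selecting proposal:
May 17 20:58:00 charon 13[CFG] <76> no acceptable ENCRYPTION_ALGORITHM found
May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>IKE_SA con2000[7] state change: CONNECTING => ESTABLISHED
May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>proposing traffic selectors for us:
May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>192.168.40.0/22|/0
May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>proposing traffic selectors for other:
May 18 09:23:53 PRJGWSP charon: 07[CFG] <con2000|7>172.20.3.224/29|/0
May 18 09:23:53 PRJGWSP charon: 07[ENC] <con2000|7>generating QUICK_MODE request 2020508884 [ HASH SA No KE ID ID ]
May 18 09:23:53 PRJGWSP charon: 11[IKE] <con2000|7>received INVALID_ID_INFORMATION error notify
May 18 09:23:53 PRJGWSP charon: 07[IKE] <con2000|7>received DELETE for IKE_SA con2000[7]
May 18 09:23:53 PRJGWSP charon: 07[CFG] vici client 213 connected
May 21 11:04:23 PRJGWSP charon: 14[IKE] <con2|51>retransmit 4 of request with message ID 0
May 21 11:05:05 PRJGWSP charon: 16[IKE] <con2|51>retransmit 5 of request with message ID 0
May 21 11:06:21 PRJGWSP charon: 16[IKE] <con2|51>giving up after 5 retransmits
"""


def group_by_sa(lines):
    """Return {sa_tag: [message, ...]}, skipping lines without an SA tag."""
    by_sa = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m and m.group("sa"):
            by_sa[m.group("sa")].append(m.group("msg").strip())
    return dict(by_sa)


def diagnose(msgs):
    """Classify one SA's message sequence by where the negotiation stopped."""
    established = False   # True once the IKE SA (phase 1) is up
    retransmits = 0       # unanswered retransmits seen so far
    side = None           # which selector ("us"/"other") the next line holds
    selectors = {}
    for msg in msgs:
        stage = "child_sa" if established else "ike_sa"
        if msg.startswith("no acceptable") and msg.endswith("found"):
            return {"stage": stage, "cause": "proposal_mismatch", "detail": msg}
        if "state change: CONNECTING => ESTABLISHED" in msg:
            established = True
        elif msg.startswith("proposing traffic selectors for "):
            side = msg.rsplit(" ", 1)[1].rstrip(":")
        elif side and SELECTOR_RE.match(msg):
            selectors[side] = SELECTOR_RE.match(msg).group(1)
            side = None
        elif "INVALID_ID_INFORMATION" in msg:
            # The peer refused the ID payloads of the Quick Mode request.
            return {"stage": stage, "cause": "peer_rejected_ids", "detail": selectors}
        elif msg.startswith("retransmit "):
            retransmits += 1
        elif msg.startswith("received packet"):
            retransmits = 0
        elif msg.startswith("giving up after"):
            return {"stage": stage, "cause": "peer_not_responding",
                    "detail": int(msg.split()[3])}
    stage = "child_sa" if established else "ike_sa"
    if retransmits:
        return {"stage": stage, "cause": "peer_not_responding", "detail": retransmits}
    return {"stage": stage, "cause": "established" if established else "incomplete",
            "detail": None}


def triage(text):
    """Diagnose every tagged SA found in a block of charon log text."""
    return {sa: diagnose(msgs) for sa, msgs in group_by_sa(text.splitlines()).items()}


if __name__ == "__main__":
    for sa, result in triage(SAMPLE_LOG).items():
        print(sa, result)
```

For a `peer_rejected_ids` result, the `detail` pair is what to compare against the networks the remote side has configured for the tunnel.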
