Netgate Discussion Forum

    I can't connect the IPsec when my pfsense connects to Zyxel firewall!!!!

    IPsec
      waiven

      I can't connect the IPsec when my pfsense connects to Zyxel firewall!!!!
      Is it a "My identifier" problem? Can I use "user FQDN"?

      pfsense side network IP: unknown (Dynamic IP)
      Zyxel side network IP: known (xxx.xxx.xxx.xxx)

      I use aggressive mode, I mark xxx.xxx.xxx.xxx on the pfsense.

      ZyXEL Config:
      Encryption Algorithm: 3DES
      Authentication Algorithm: MD5
      SA Life Time (Seconds): 28800
      Key Group: DH2
      Pre-Shared Key: it is the key
      Enable Replay Detection: Yes
      Enable Multiple Proposals: Yes

      pfsense Config:
      Encryption algorithm: 3DES
      Hash algorithm: MD5
      DH key group: 2
      Authentication method: Pre-shared Key
      Pre-Shared Key: it is the key
      Protocol: ESP
      Encryption algorithms: 3DES
      Hash algorithms: MD5
      PFS key group: 2

      PS: if Zyxel connects to pfsense, using Aggressive and the same config, it is OK~~~

        hoba

        You should use an identifier other than IP for the pfSense end. However, this identifier has to be added to the Zyxel to identify/authenticate the connection. Check your Zyxel manpage for how to do this and what identifiers are supported.

          waiven

          Thank you for your answer!!!!
          Should I enter the Zyxel side network IP (xxx.xxx.xxx.xxx) in the "My identifier" of pfsense???

            dusan

            Don't use IP address, it is dynamic. Try other identifier types.
