Encryption domains with Cisco Vpn
I created a VPN with PfSense from my side and Cisco firewall to other side. Phase 1 is established in both sides, phase 2 is down from my side and Active Idle to other side.
Otherside told me that traffic has to go trough 2 encryption domain, otherwise they can not allow the VPN (policies company).
I think that I created the 2 encryption domain in phase 2, but I dont know why not work.
"Encryption domain" in Cisco-speak is a Phase 2 entry. Something in there must not match their side exactly.
Set your IPsec logging as shown under https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Common_Errors_.28strongSwan.2C_pfSense_.3E.3D_2.2.x.29 and see what shows up when the Cisco side tries to initiate the tunnel.