VPN IPsec GRE: Cisco <-> pfSense
I think I am having the same issue as yourself.
I can get a basic GRE tunnel established and ping from my Cisco 887 to the pfSense box (10.0.10.2 to 10.0.10.1 are the tunnel IPs), but once I initiate a connection and bring up the IPsec part I can no longer ping.
I have also seen the same event in the log of the Cisco 887.
Here is what I think is all the information you have requested.
Thank you for looking into this.
BTW, it is possible, isn't it?
It is possible, yes. Though your WAN is behind NAT, that won't work properly with transport mode IPsec as far as I'm aware. Need to have a public address on both sides of the tunnel or IPsec has no hope of working in transport mode.
The WAN IP address on pfSense is 10.250.0.2 in the post above, which is not a public address. Both IPsec endpoints must have a public address for transport mode IPsec to work.
We might want to split this up, as my config seems to be different from the other poster's.
Also I am running Tunnel IPv4, would that not work?
It may be a different issue.
You can't run GRE from pfSense to a remote using tunnel mode, only transport. Or if it is possible I've never seen it work. I expect the Cisco end would require transport mode for that as well.
I'll attempt to split the thread.
In order to get the spare public IP on the pfSense box, I am thinking of moving the outside interface into an L2 VLAN.
However, my Cisco ASA is doing the PPPoE to the ISP; I am sensing that the routing from this secondary link isn't going to work. I could maybe use the pfSense box to do the PPPoE, couldn't I?