VPN IPsec GRE: Cisco <-> pfSense

  • I think I am having the same issue as yourself.
    I can get a basic GRE tunnel established and ping from my Cisco 887 to the pfSense box ( to are the tunnel IPs) but once i initiate a connection and bring up the IPSEC part I can no longer ping.
    I have also seen the same event in the log of the cisco887.

  • here is what I think is all the information you have requested.
    Thank you for looking into this.

    BTW it is possible isnt it?


  • Rebel Alliance Developer Netgate

    It is possible, yes. Though your WAN is behind NAT, that won't work properly with transport mode IPsec as far as I'm aware. Need to have a public address on both sides of the tunnel or IPsec has no hope of working in transport mode.

  • Rebel Alliance Developer Netgate

    The WAN IP address on pfSense is in the post above, which is not a public address. Both IPsec endpoints must have a public address for transport mode IPsec to work.

  • we might want to split this up as my config seems to be differnet from the other poster.

    Also I am running Tunnel IPv4, would that not work?

  • Rebel Alliance Developer Netgate

    It may be a different issue.

    You can't run GRE from pfSense to a remote using tunnel mode, only transport. Or if it is possible I've never seen it work. I expect the Cisco end would require transport mode for that as well.

    I'll attempt to split the thread.

  • In order to get the spare public IP on the pfsense box I am thinking of moving the outside interface into a l2 vlan.
    However my cisco ASA is doing the PPoE to the ISP I am sensing that the routing from this secondardy link isnt going to work. I could maybe use the pfsense box to do the PPoE couldnt I?

Log in to reply