Reply to Can Not Establish IPSEC Connection – PFSense Behind Cisco Router on Fri, 24 Feb 2017 13:22:01 GMT

-Sonic- 0 — Fri, 24 Feb 2017 13:22:01 GMT

Have you fix this problem? It seems that I have exact the same problem as you.
My config is almost the same as yours. I hope someone could give the right answer.

Reply to Can Not Establish IPSEC Connection – PFSense Behind Cisco Router on Sun, 19 Feb 2017 10:53:03 GMT

anking — Sun, 19 Feb 2017 10:53:03 GMT

Now seeing the attempted connection under Status –> IPSEC:

Time Process PID Message
Feb 19 15:12:25 charon 07[NET] received packet: from 103.46.209.154[500] to 10.20.0.2[500]
Feb 19 15:12:25 charon 07[NET] waiting for data on sockets
Feb 19 15:12:25 charon 12[MGR] checkout IKEv1 SA by message with SPIs 7ba7c04f2b6e9753_i 0000000000000000_r
Feb 19 15:12:25 charon 12[MGR] created IKE_SA (unnamed)[3]
Feb 19 15:12:25 charon 12[NET] <3> received packet: from 103.46.209.154[500] to 10.20.0.2[500] (771 bytes)
Feb 19 15:12:25 charon 12[IKE] <3> received FRAGMENTATION vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received NAT-T (RFC 3947) vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received XAuth vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received Cisco Unity vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> received DPD vendor ID
Feb 19 15:12:25 charon 12[IKE] <3> 103.46.209.154 is initiating a Aggressive Mode IKE_SA
Feb 19 15:12:25 charon 12[IKE] <3> IKE_SA (unnamed)[3] state change: CREATED => CONNECTING
Feb 19 15:12:25 charon 12[IKE] <3> no proposal found
Feb 19 15:12:25 charon 12[IKE] <3> queueing INFORMATIONAL task
Feb 19 15:12:25 charon 12[IKE] <3> activating new tasks
Feb 19 15:12:25 charon 12[IKE] <3> activating INFORMATIONAL task
Feb 19 15:12:25 charon 12[NET] <3> sending packet: from 10.20.0.2[500] to 103.46.209.154[500] (56 bytes)
Feb 19 15:12:25 charon 12[MGR] <3> checkin and destroy IKE_SA (unnamed)[3]
Feb 19 15:12:25 charon 04[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500]
Feb 19 15:12:25 charon 12[IKE] <3> IKE_SA (unnamed)[3] state change: CONNECTING => DESTROYING
Feb 19 15:12:25 charon 12[MGR] checkin and destroy of IKE_SA successful
Feb 19 15:12:25 charon 07[NET] received packet: from 103.46.209.154[500] to 10.20.0.2[500]
Feb 19 15:12:25 charon 07[NET] waiting for data on sockets
Feb 19 15:12:25 charon 12[MGR] checkout IKEv1 SA by message with SPIs c24d4bc5c9ba68b2_i 0000000000000000_r
Feb 19 15:12:25 charon 12[MGR] created IKE_SA (unnamed)[4]
Feb 19 15:12:25 charon 12[NET] <4> received packet: from 103.46.209.154[500] to 10.20.0.2[500] (771 bytes)
Feb 19 15:12:25 charon 12[IKE] <4> received FRAGMENTATION vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received NAT-T (RFC 3947) vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received XAuth vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received Cisco Unity vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> received DPD vendor ID
Feb 19 15:12:25 charon 12[IKE] <4> 103.46.209.154 is initiating a Aggressive Mode IKE_SA
Feb 19 15:12:25 charon 12[IKE] <4> IKE_SA (unnamed)[4] state change: CREATED => CONNECTING
Feb 19 15:12:25 charon 12[LIB] <4> size of DH secret exponent: 1023 bits
Feb 19 15:12:25 charon 12[IKE] sending XAuth vendor ID
Feb 19 15:12:25 charon 12[IKE] sending DPD vendor ID
Feb 19 15:12:25 charon 12[IKE] sending Cisco Unity vendor ID
Feb 19 15:12:25 charon 12[IKE] sending FRAGMENTATION vendor ID
Feb 19 15:12:25 charon 12[IKE] sending NAT-T (RFC 3947) vendor ID
Feb 19 15:12:25 charon 12[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500] (428 bytes)
Feb 19 15:12:25 charon 12[MGR] checkin IKE_SA con1[4]
Feb 19 15:12:25 charon 04[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500]
Feb 19 15:12:25 charon 12[MGR] checkin of IKE_SA successful
Feb 19 15:12:29 charon 12[MGR] checkout IKEv1 SA with SPIs c24d4bc5c9ba68b2_i f79e3272d7218d04_r
Feb 19 15:12:29 charon 12[MGR] IKE_SA con1[4] successfully checked out
Feb 19 15:12:29 charon 12[IKE] sending retransmit 1 of response message ID 0, seq 1
Feb 19 15:12:29 charon 12[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500] (428 bytes)
Feb 19 15:12:29 charon 12[MGR] checkin IKE_SA con1[4]
Feb 19 15:12:29 charon 04[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500]
Feb 19 15:12:29 charon 12[MGR] checkin of IKE_SA successful
Feb 19 15:12:36 charon 12[MGR] checkout IKEv1 SA with SPIs c24d4bc5c9ba68b2_i f79e3272d7218d04_r
Feb 19 15:12:36 charon 12[MGR] IKE_SA con1[4] successfully checked out
Feb 19 15:12:36 charon 12[IKE] sending retransmit 2 of response message ID 0, seq 1
Feb 19 15:12:36 charon 12[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500] (428 bytes)
Feb 19 15:12:36 charon 12[MGR] checkin IKE_SA con1[4]
Feb 19 15:12:36 charon 04[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500]
Feb 19 15:12:36 charon 12[MGR] checkin of IKE_SA successful
Feb 19 15:12:49 charon 02[MGR] checkout IKEv1 SA with SPIs c24d4bc5c9ba68b2_i f79e3272d7218d04_r
Feb 19 15:12:49 charon 02[MGR] IKE_SA con1[4] successfully checked out
Feb 19 15:12:49 charon 02[IKE] sending retransmit 3 of response message ID 0, seq 1
Feb 19 15:12:49 charon 02[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500] (428 bytes)
Feb 19 15:12:49 charon 02[MGR] checkin IKE_SA con1[4]
Feb 19 15:12:49 charon 04[NET] sending packet: from 10.20.0.2[500] to 103.46.209.154[500]
Feb 19 15:12:49 charon 02[MGR] checkin of IKE_SA successful
Feb 19 15:12:55 charon 02[MGR] checkout IKEv1 SA with SPIs 7ba7c04f2b6e9753_i b49a71955a2f7a35_r
Feb 19 15:12:55 charon 02[MGR] IKE_SA checkout not successful
Feb 19 15:12:55 charon 06[MGR] checkout IKEv1 SA with SPIs c24d4bc5c9ba68b2_i f79e3272d7218d04_r
Feb 19 15:12:55 charon 06[MGR] IKE_SA con1[4] successfully checked out
Feb 19 15:12:55 charon 06[MGR] checkin and destroy IKE_SA con1[4]
Feb 19 15:12:55 charon 06[IKE] IKE_SA con1[4] state change: CONNECTING => DESTROYING
Feb 19 15:12:55 charon 06[MGR] checkin and destroy of IKE_SA successful
Feb 19 15:13:12 charon 06[MGR] checkout IKEv1 SA with SPIs c24d4bc5c9ba68b2_i f79e3272d7218d04_r
Feb 19 15:13:12 charon 06[MGR] IKE_SA checkout not successful
Feb 19 15:25:04 charon 07[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500]
Feb 19 15:25:04 charon 07[NET] waiting for data on sockets
Feb 19 15:25:04 charon 11[MGR] checkout IKEv1 SA by message with SPIs 72c13bb99d21bb9e_i 0000000000000000_r
Feb 19 15:25:04 charon 11[MGR] created IKE_SA (unnamed)[5]
Feb 19 15:25:04 charon 11[NET] <5> received packet: from 172.30.3.163[500] to 10.20.0.2[500] (1183 bytes)
Feb 19 15:25:04 charon 11[IKE] <5> received XAuth vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received NAT-T (RFC 3947) vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received FRAGMENTATION vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received DPD vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> received Cisco Unity vendor ID
Feb 19 15:25:04 charon 11[IKE] <5> 172.30.3.163 is initiating a Aggressive Mode IKE_SA
Feb 19 15:25:04 charon 11[IKE] <5> IKE_SA (unnamed)[5] state change: CREATED => CONNECTING
Feb 19 15:25:04 charon 11[LIB] <5> size of DH secret exponent: 1023 bits
Feb 19 15:25:04 charon 11[IKE] sending XAuth vendor ID
Feb 19 15:25:04 charon 11[IKE] sending DPD vendor ID
Feb 19 15:25:04 charon 11[IKE] sending Cisco Unity vendor ID
Feb 19 15:25:04 charon 11[IKE] sending FRAGMENTATION vendor ID
Feb 19 15:25:04 charon 11[IKE] sending NAT-T (RFC 3947) vendor ID
Feb 19 15:25:04 charon 11[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:04 charon 11[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:04 charon 11[MGR] checkin of IKE_SA successful
Feb 19 15:25:04 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:08 charon 11[MGR] checkout IKEv1 SA with SPIs 72c13bb99d21bb9e_i 27700ec4f94d446a_r
Feb 19 15:25:08 charon 11[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:08 charon 11[IKE] sending retransmit 1 of response message ID 0, seq 1
Feb 19 15:25:08 charon 11[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:08 charon 11[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:08 charon 11[MGR] checkin of IKE_SA successful
Feb 19 15:25:08 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:09 charon 07[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500]
Feb 19 15:25:09 charon 07[NET] waiting for data on sockets
Feb 19 15:25:09 charon 11[MGR] checkout IKEv1 SA by message with SPIs 72c13bb99d21bb9e_i 0000000000000000_r
Feb 19 15:25:09 charon 11[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:09 charon 11[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500] (1183 bytes)
Feb 19 15:25:09 charon 11[IKE] received retransmit of request with ID 0, retransmitting response
Feb 19 15:25:09 charon 11[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:09 charon 11[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:09 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:09 charon 11[MGR] checkin of IKE_SA successful
Feb 19 15:25:14 charon 07[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500]
Feb 19 15:25:14 charon 07[NET] waiting for data on sockets
Feb 19 15:25:14 charon 11[MGR] checkout IKEv1 SA by message with SPIs 72c13bb99d21bb9e_i 0000000000000000_r
Feb 19 15:25:14 charon 11[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:14 charon 11[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500] (1183 bytes)
Feb 19 15:25:14 charon 11[IKE] received retransmit of request with ID 0, retransmitting response
Feb 19 15:25:14 charon 11[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:14 charon 11[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:14 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:14 charon 11[MGR] checkin of IKE_SA successful
Feb 19 15:25:15 charon 11[MGR] checkout IKEv1 SA with SPIs 72c13bb99d21bb9e_i 27700ec4f94d446a_r
Feb 19 15:25:15 charon 11[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:15 charon 11[IKE] sending retransmit 2 of response message ID 0, seq 1
Feb 19 15:25:15 charon 11[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:15 charon 11[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:15 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:15 charon 11[MGR] checkin of IKE_SA successful
Feb 19 15:25:19 charon 07[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500]
Feb 19 15:25:19 charon 07[NET] waiting for data on sockets
Feb 19 15:25:19 charon 12[MGR] checkout IKEv1 SA by message with SPIs 72c13bb99d21bb9e_i 0000000000000000_r
Feb 19 15:25:19 charon 12[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:19 charon 12[NET] received packet: from 172.30.3.163[500] to 10.20.0.2[500] (1183 bytes)
Feb 19 15:25:19 charon 12[IKE] received retransmit of request with ID 0, retransmitting response
Feb 19 15:25:19 charon 12[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:19 charon 12[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:19 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:19 charon 12[MGR] checkin of IKE_SA successful
Feb 19 15:25:28 charon 12[MGR] checkout IKEv1 SA with SPIs 72c13bb99d21bb9e_i 27700ec4f94d446a_r
Feb 19 15:25:28 charon 12[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:28 charon 12[IKE] sending retransmit 3 of response message ID 0, seq 1
Feb 19 15:25:28 charon 12[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500] (432 bytes)
Feb 19 15:25:28 charon 12[MGR] checkin IKE_SA con1[5]
Feb 19 15:25:28 charon 04[NET] sending packet: from 10.20.0.2[500] to 172.30.3.163[500]
Feb 19 15:25:28 charon 12[MGR] checkin of IKE_SA successful
Feb 19 15:25:34 charon 12[MGR] checkout IKEv1 SA with SPIs 72c13bb99d21bb9e_i 27700ec4f94d446a_r
Feb 19 15:25:34 charon 12[MGR] IKE_SA con1[5] successfully checked out
Feb 19 15:25:34 charon 12[MGR] checkin and destroy IKE_SA con1[5]
Feb 19 15:25:34 charon 12[IKE] IKE_SA con1[5] state change: CONNECTING => DESTROYING
Feb 19 15:25:34 charon 12[MGR] checkin and destroy of IKE_SA successful