IPSec with AWS



  • Hi,

    I'm using the pfSense firewall from AWS, and while configuring IPsec I'm facing some problems. Please help me to resolve them.
    As I'm using AWS, my firewall private IP is 10.10.10.100 and consider my public IP as xx.xx.xx.xxx

    Firewall Private IP: 10.10.10.100
    Firewall public IP: xx.xx.xx.xx
    Remote IP: rr.rr.rr.rr

    @Phase1
    Encryption Algorithm : 3DES
    Hash Algorithm : SHA1
    My identifier : My Ip address
    Peer identifier : IP address  10.10.10.100

    The problem is that while connecting IPsec I'm getting the message below and the connection is not successful.

    Feb 22 09:52:48 charon 05[IKE] <con2000|1>received DPD vendor ID
    Feb 22 09:52:48 charon 05[IKE] <con2000|1>IDir 'rr.rr.rr.rr' does not match to 'xx.xx.xx.xx'
    Feb 22 09:52:48 charon 05[IKE] <con2000|1>deleting IKE_SA con2000[1] between 10.10.10.100[10.10.10.100]…rr.rr.rr.rr[%any]
    Feb 22 09:52:48 charon 05[IKE] <con2000|1>sending DELETE for IKE_SA con2000[1]
    Feb 22 09:52:48 charon 05[ENC] <con2000|1>generating INFORMATIONAL_V1 request 1432215359 [ HASH D ]
    Feb 22 09:52:48 charon 05[NET] <con2000|1>sending packet: from 10.10.10.100[4500] to rr.rr.rr.rr[4500] (84 bytes)

    Thank you,
    Manikandan



  • Looks like your pfSense is behind NAT.  Try changing your peer identifier setting to "IP Address" and enter the pre-NAT IP address.

    Have a look at this document https://doc.pfsense.org/index.php/IPsec_Troubleshooting and look at the section "Mismatched Identifier with NAT"

    John
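    As an added illustration of reading the charon lines quoted in the question (this is not code from the thread, pfSense or strongSwan), the script below parses the two log messages that matter for this problem: the `IDir '…' does not match to '…'` line, where the first value is the identity the remote peer actually sent and the second is the identity the local Peer identifier setting expects, and the `deleting IKE_SA … between … ` line, which shows which local/remote addresses and identities the SA was torn down with. The sample log text is constructed to mirror the question, and the regular expressions assume the standard charon message wording shown there.

```python
import re

# Constructed sample, modelled on the log lines in the question (not a real capture).
SAMPLE_LOG = """\
Feb 22 09:52:48 charon 05[IKE] <con2000|1> received DPD vendor ID
Feb 22 09:52:48 charon 05[IKE] <con2000|1> IDir 'rr.rr.rr.rr' does not match to 'xx.xx.xx.xx'
Feb 22 09:52:48 charon 05[IKE] <con2000|1> deleting IKE_SA con2000[1] between 10.10.10.100[10.10.10.100]...rr.rr.rr.rr[%any]
Feb 22 09:52:48 charon 05[IKE] <con2000|1> sending DELETE for IKE_SA con2000[1]
"""

# "<conname|sa-number>" prefix, then the identity-mismatch message.
# charon logs the identity the peer sent first and the locally configured one second.
ID_MISMATCH = re.compile(
    r"charon \d+\[IKE\] <(?P<con>[^|>]+)\|(?P<sa>\d+)>\s*"
    r"(?P<kind>IDir|IDi|IDr) '(?P<received>[^']+)' does not match to '(?P<expected>[^']+)'"
)

# "deleting IKE_SA con[1] between local[local-id]...remote[remote-id]"
# (accepts either three dots or a single ellipsis character, as pasted logs vary).
SA_DELETE = re.compile(
    r"<(?P<con>[^|>]+)\|(?P<sa>\d+)>\s*deleting IKE_SA (?P<name>\S+) between "
    r"(?P<local>\S+?)\[(?P<local_id>[^\]]*)\](?:\.\.\.|\u2026)"
    r"(?P<remote>\S+?)\[(?P<remote_id>[^\]]*)\]"
)


def find_id_mismatches(log_text):
    """One record per identity-mismatch line: connection, identity field,
    what the peer sent, and what the local configuration expected."""
    findings = []
    for line in log_text.splitlines():
        m = ID_MISMATCH.search(line)
        if m:
            findings.append({
                "connection": m.group("con"),
                "identity_field": m.group("kind"),
                "received": m.group("received"),
                "expected": m.group("expected"),
            })
    return findings


def find_deleted_sas(log_text):
    """One record per torn-down IKE_SA, with the local/remote addresses and
    the identities charon had associated with each side."""
    deleted = []
    for line in log_text.splitlines():
        m = SA_DELETE.search(line)
        if m:
            deleted.append({k: m.group(k) for k in
                            ("con", "name", "local", "local_id", "remote", "remote_id")})
    return deleted


def explain(finding):
    """Turn a mismatch record into the check an operator wants: the Peer
    identifier must equal the identity string the peer really sends."""
    return (f"{finding['connection']}: peer sent {finding['identity_field']} "
            f"'{finding['received']}' but the local Peer identifier expects "
            f"'{finding['expected']}'; the two strings must be identical")


if __name__ == "__main__":
    for f in find_id_mismatches(SAMPLE_LOG):
        print(explain(f))
    for d in find_deleted_sas(SAMPLE_LOG):
        print(f"{d['name']} deleted: local {d['local']} (id {d['local_id']}) "
              f"<-> remote {d['remote']} (id {d['remote_id']})")
```

    On the sample this reports that the peer identified itself as `rr.rr.rr.rr` while the local side expected `xx.xx.xx.xx`, which is the comparison to make against the Phase 1 identifier settings on both ends. The `%any` remote identity on the delete line simply means charon had not yet accepted an identity for the peer when the SA was dropped.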



  • Hi,

    Thanks for the reply. I have already tried that, but it was not working.

    Mani


  • LAYER 8 Netgate

    That would be closer to how it should be so change it back and post those logs. What you have there is certainly not right.

