IPSec with AWS
-
Hi,
I'm using a pfSense firewall from AWS, and while configuring IPsec I'm facing a problem. Please help me resolve it.

As I'm using AWS, my firewall private IP is 10.10.10.100, and consider my public IP to be xx.xx.xx.xx.

Firewall private IP: 10.10.10.100
Firewall public IP: xx.xx.xx.xx
Remote IP: rr.rr.rr.rr

Phase 1
Encryption Algorithm: 3DES
Hash Algorithm: SHA1
My identifier: My IP address
Peer identifier: IP address 10.10.10.100

The problem is that while connecting IPsec I'm getting the message below and the connection does not succeed.
Feb 22 09:52:48 charon 05[IKE] <con2000|1> received DPD vendor ID
Feb 22 09:52:48 charon 05[IKE] <con2000|1> IDir 'rr.rr.rr.rr' does not match to 'xx.xx.xx.xx'
Feb 22 09:52:48 charon 05[IKE] <con2000|1> deleting IKE_SA con2000[1] between 10.10.10.100[10.10.10.100]...rr.rr.rr.rr[%any]
Feb 22 09:52:48 charon 05[IKE] <con2000|1> sending DELETE for IKE_SA con2000[1]
Feb 22 09:52:48 charon 05[ENC] <con2000|1> generating INFORMATIONAL_V1 request 1432215359 [ HASH D ]
Feb 22 09:52:48 charon 05[NET] <con2000|1> sending packet: from 10.10.10.100[4500] to rr.rr.rr.rr[4500] (84 bytes)

Thank you,
Manikandan
Looks like your pfSense is behind NAT. Try changing your peer identifier setting to "IP Address" and enter the pre-NAT IP address.
Have a look at this document, https://doc.pfsense.org/index.php/IPsec_Troubleshooting, in particular the section "Mismatched Identifier with NAT".
John
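The charon lines quoted in the question, together with the "behind NAT" diagnosis above, can be checked mechanically. The script below is an added example, not code from the thread or from pfSense/strongSwan: it parses the two charon messages that matter here (the `IDir ... does not match to ...` line, where charon prints the identity it received first and the one it was configured to expect second, and the `deleting IKE_SA ... between addr[id]...addr[id]` line, which shows each side's address and identity) and reports which identifier setting disagrees and whether the local identity is a private address that a peer across NAT will never see. The sample log is constructed from the post, with RFC 5737 documentation addresses standing in for the xx.xx.xx.xx and rr.rr.rr.rr placeholders.

```python
"""Diagnose a strongSwan (charon) IKE identifier mismatch from log lines.

Added example, not from the forum post or from pfSense/strongSwan.  The
addresses in SAMPLE_LOG are RFC 5737 documentation ranges standing in for
the post's xx.xx.xx.xx (local public) and rr.rr.rr.rr (remote) placeholders.
"""
import ipaddress
import re
from typing import Optional

# Constructed sample, modelled on the charon lines quoted in the post.
SAMPLE_LOG = """\
Feb 22 09:52:48 charon 05[IKE] <con2000|1> received DPD vendor ID
Feb 22 09:52:48 charon 05[IKE] <con2000|1> IDir '198.51.100.20' does not match to '203.0.113.10'
Feb 22 09:52:48 charon 05[IKE] <con2000|1> deleting IKE_SA con2000[1] between 10.10.10.100[10.10.10.100]...198.51.100.20[%any]
Feb 22 09:52:48 charon 05[IKE] <con2000|1> sending DELETE for IKE_SA con2000[1]
"""

# charon logs the identity it received first and the identity it was
# configured to expect second.  IDir is checked by the initiator, IDi by the
# responder, so the direction tells you which side's setting to look at.
ID_MISMATCH = re.compile(
    r"(?P<which>IDir|IDi) '(?P<received>[^']+)' does not match to '(?P<expected>[^']+)'"
)
# "deleting IKE_SA name[n] between addr[id]...addr[id]": each side's address
# followed by the identity used for it.  Web copies of the log often turn the
# three dots into a Unicode ellipsis, so accept either form.
SA_ENDPOINTS = re.compile(
    r"between (?P<lhost>[^\s\[]+)\[(?P<lid>[^\]]+)\](?:\.\.\.|\u2026)"
    r"(?P<rhost>[^\s\[]+)\[(?P<rid>[^\]]+)\]"
)


def _is_private(addr: str) -> bool:
    """True for RFC 1918 and other non-global addresses; False for non-IP identities."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def diagnose(log_text: str) -> Optional[dict]:
    """Return mismatch details plus advice, or None if no ID mismatch is logged."""
    mismatch = None
    endpoints = None
    for line in log_text.splitlines():
        m = ID_MISMATCH.search(line)
        if m and mismatch is None:
            mismatch = m.groupdict()
        e = SA_ENDPOINTS.search(line)
        if e and endpoints is None:
            endpoints = e.groupdict()
    if mismatch is None:
        return None

    result = dict(mismatch)
    result["local_addr"] = endpoints["lhost"] if endpoints else None
    result["local_id"] = endpoints["lid"] if endpoints else None
    result["remote_addr"] = endpoints["rhost"] if endpoints else None

    advice = []
    if mismatch["which"] == "IDir":
        advice.append(
            f"Peer identifier is configured as {mismatch['expected']!r} but the remote "
            f"gateway identifies itself as {mismatch['received']!r}; set Peer identifier "
            f"to the value the peer actually sends, or change the peer's own identifier."
        )
    else:
        advice.append(
            f"The remote side sends IDi {mismatch['received']!r} but we expect "
            f"{mismatch['expected']!r}; the peer's My identifier and our Peer identifier "
            f"must be the same value."
        )

    # Behind 1:1 NAT (the AWS case) the local SA address and the local identity
    # are both the private address, while the peer only ever sees the public one.
    result["local_behind_nat_hint"] = bool(
        endpoints
        and _is_private(endpoints["lhost"])
        and endpoints["lid"] == endpoints["lhost"]
    )
    if result["local_behind_nat_hint"]:
        advice.append(
            f"Local identity {endpoints['lid']!r} is a private address that the peer never "
            f"sees; set My identifier explicitly to whatever the peer's Peer identifier "
            f"expects (normally the public address) instead of relying on 'My IP address'."
        )
    result["advice"] = advice
    return result


if __name__ == "__main__":
    for item in diagnose(SAMPLE_LOG)["advice"]:
        print("-", item)
```

Run it against a saved copy of the IPsec log (for example `diagnose(open("/var/log/ipsec.log").read())`); the returned dictionary carries the received and expected identities, each side's address and identity from the SA line, and the list of settings to change.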
-
Hi,
Thanks for the reply. I have already tried that, but it was not working.
Mani
-
That would be closer to how it should be, so change it back and post those logs. What you have there is certainly not right.