Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Issue with phase 2 not working with our customer ipsec network

    IPsec
    1
    1
    251
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mmangiante last edited by

      Hello,

      a client where we have installed our software give us access on their servers via an ipsec vpn; we have 2 sites, Italy and Brazil, and I have configured with success the connection from Italy to the client; then, I copied the virtual machine on Brazil server, changed the ip related to the WAn, changed the NAT parameters asked for and tried the connection but the second phase doesn't work.

      Some data related to the vpn:

      Encryption scheme: IKE (Quick mode completion, UDP ipv4)
      Data Encription Methods: ESP, 3DES + MD5 + PFS (group2)
      IKE IDs: subnet 10.174.224.0 (255.255.252.0) and subnet 10.174.68.64 (255.255.255.192)

      The first subnet is that of customer site; the second is the encryption domain and the customer added "Partner must be NAT in the Firewall for this NETWORK".

      I attach the configuration images and also the log but with public IPs obscured.

      Do you think there is a misconfiguration on the customer side or I have a problem with my configuration. As said, I use the same in Italy that differ only for my WAN IP and for the encription domain.

      Marco

      ![nat outbound.png](/public/imported_attachments/1/nat outbound.png)
      ![nat outbound.png_thumb](/public/imported_attachments/1/nat outbound.png_thumb)
      ![rules ipsec.png](/public/imported_attachments/1/rules ipsec.png)
      ![rules ipsec.png_thumb](/public/imported_attachments/1/rules ipsec.png_thumb)
      ![rules wan.png](/public/imported_attachments/1/rules wan.png)
      ![rules wan.png_thumb](/public/imported_attachments/1/rules wan.png_thumb)
      ![vpn phase 1_1.png](/public/imported_attachments/1/vpn phase 1_1.png)
      ![vpn phase 1_1.png_thumb](/public/imported_attachments/1/vpn phase 1_1.png_thumb)
      ![vpn phase 1_2.png](/public/imported_attachments/1/vpn phase 1_2.png)
      ![vpn phase 1_2.png_thumb](/public/imported_attachments/1/vpn phase 1_2.png_thumb)
      ![vpn phase 2_1.png](/public/imported_attachments/1/vpn phase 2_1.png)
      ![vpn phase 2_1.png_thumb](/public/imported_attachments/1/vpn phase 2_1.png_thumb)
      ![vpn phase 2_2.png](/public/imported_attachments/1/vpn phase 2_2.png)
      ![vpn phase 2_2.png_thumb](/public/imported_attachments/1/vpn phase 2_2.png_thumb)
      ipsec_pfsense_log_11102017.txt

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy