Issue with phase 2 not working with our customer ipsec network



  • Hello,

    A client where we have installed our software gives us access to their servers via an IPsec VPN; we have 2 sites, Italy and Brazil, and I have successfully configured the connection from Italy to the client. Then I copied the virtual machine to the Brazil server, changed the IP related to the WAN, changed the NAT parameters asked for and tried the connection, but the second phase doesn't work.

    Some data related to the vpn:

    Encryption scheme: IKE (Quick mode completion, UDP ipv4)
    Data Encryption Methods: ESP, 3DES + MD5 + PFS (group2)
    IKE IDs: subnet 10.174.224.0 (255.255.252.0) and subnet 10.174.68.64 (255.255.255.192)

    The first subnet is that of the customer site; the second is the encryption domain, and the customer added "Partner must be NAT in the Firewall for this NETWORK".

    I attach the configuration images and also the log, but with public IPs obscured.

    Do you think there is a misconfiguration on the customer side, or do I have a problem with my configuration? As said, I use the same one in Italy, which differs only in my WAN IP and the encryption domain.

    Marco

    ![nat outbound.png](/public/imported_attachments/1/nat outbound.png)
    ![rules ipsec.png](/public/imported_attachments/1/rules ipsec.png)
    ![rules wan.png](/public/imported_attachments/1/rules wan.png)
    ![vpn phase 1_1.png](/public/imported_attachments/1/vpn phase 1_1.png)
    ![vpn phase 1_2.png](/public/imported_attachments/1/vpn phase 1_2.png)
    ![vpn phase 2_1.png](/public/imported_attachments/1/vpn phase 2_1.png)
    ![vpn phase 2_2.png](/public/imported_attachments/1/vpn phase 2_2.png)
    ipsec_pfsense_log_11102017.txt