4. Issue with phase 2 not working with our customer ipsec network

Issue with phase 2 not working with our customer ipsec network

  • M

    Hello,

    a client where we have installed our software give us access on their servers via an ipsec vpn; we have 2 sites, Italy and Brazil, and I have configured with success the connection from Italy to the client; then, I copied the virtual machine on Brazil server, changed the ip related to the WAn, changed the NAT parameters asked for and tried the connection but the second phase doesn't work.

    Some data related to the vpn:

    Encryption scheme: IKE (Quick mode completion, UDP ipv4)
    Data Encription Methods: ESP, 3DES + MD5 + PFS (group2)
    IKE IDs: subnet 10.174.224.0 (255.255.252.0) and subnet 10.174.68.64 (255.255.255.192)

    The first subnet is that of customer site; the second is the encryption domain and the customer added "Partner must be NAT in the Firewall for this NETWORK".

    I attach the configuration images and also the log but with public IPs obscured.

    Do you think there is a misconfiguration on the customer side or I have a problem with my configuration. As said, I use the same in Italy that differ only for my WAN IP and for the encription domain.

    Marco

    ![nat outbound.png](/public/imported_attachments/1/nat outbound.png)
    ![nat outbound.png_thumb](/public/imported_attachments/1/nat outbound.png_thumb)
    ![rules ipsec.png](/public/imported_attachments/1/rules ipsec.png)
    ![rules ipsec.png_thumb](/public/imported_attachments/1/rules ipsec.png_thumb)
    ![rules wan.png](/public/imported_attachments/1/rules wan.png)
    ![rules wan.png_thumb](/public/imported_attachments/1/rules wan.png_thumb)
    ![vpn phase 1_1.png](/public/imported_attachments/1/vpn phase 1_1.png)
    ![vpn phase 1_1.png_thumb](/public/imported_attachments/1/vpn phase 1_1.png_thumb)
    ![vpn phase 1_2.png](/public/imported_attachments/1/vpn phase 1_2.png)
    ![vpn phase 1_2.png_thumb](/public/imported_attachments/1/vpn phase 1_2.png_thumb)
    ![vpn phase 2_1.png](/public/imported_attachments/1/vpn phase 2_1.png)
    ![vpn phase 2_1.png_thumb](/public/imported_attachments/1/vpn phase 2_1.png_thumb)
    ![vpn phase 2_2.png](/public/imported_attachments/1/vpn phase 2_2.png)
    ![vpn phase 2_2.png_thumb](/public/imported_attachments/1/vpn phase 2_2.png_thumb)
    ipsec_pfsense_log_11102017.txt

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy