Netgate Discussion Forum

    Issue with phase 2 not working with our customer ipsec network

      mmangiante

      Hello,

      A client where we have installed our software gives us access to their servers via an IPsec VPN; we have 2 sites, Italy and Brazil, and I have successfully configured the connection from Italy to the client; then I copied the virtual machine to the Brazil server, changed the IP related to the WAN, changed the NAT parameters asked for and tried the connection, but the second phase doesn't work.

      Some data related to the vpn:

      Encryption scheme: IKE (Quick mode completion, UDP IPv4)
      Data Encryption Methods: ESP, 3DES + MD5 + PFS (group2)
      IKE IDs: subnet 10.174.224.0 (255.255.252.0) and subnet 10.174.68.64 (255.255.255.192)

      The first subnet is that of the customer site; the second is the encryption domain, and the customer added "Partner must be NAT in the Firewall for this NETWORK".

      I attach the configuration images and also the log but with public IPs obscured.

      Do you think there is a misconfiguration on the customer side, or do I have a problem with my configuration? As I said, I use the same one in Italy, which differs only in my WAN IP and the encryption domain.

      Marco

      ![nat outbound.png](/public/imported_attachments/1/nat outbound.png)
      ![rules ipsec.png](/public/imported_attachments/1/rules ipsec.png)
      ![rules wan.png](/public/imported_attachments/1/rules wan.png)
      ![vpn phase 1_1.png](/public/imported_attachments/1/vpn phase 1_1.png)
      ![vpn phase 1_2.png](/public/imported_attachments/1/vpn phase 1_2.png)
      ![vpn phase 2_1.png](/public/imported_attachments/1/vpn phase 2_1.png)
      ![vpn phase 2_2.png](/public/imported_attachments/1/vpn phase 2_2.png)
      ipsec_pfsense_log_11102017.txt

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.