IPSEC VPN to Meraki Issue



  • Hi

    I've got an issue connecting an IPSEC VPN from pfSense to a Meraki Firewall.
    Has anyone got this working? Can you advise how you have it set up?

    This is the log for the connection attempt.
    Meraki = 89.X.X.X
    pfSense = 82.Y.Y.Y

    Sep 18 16:55:54	charon		08[IKE] <12> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Sep 18 16:55:54	charon		08[IKE] <12> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Sep 18 16:55:54	charon		08[IKE] <12> received DPD vendor ID
    Sep 18 16:55:54	charon		08[IKE] <12> 89.X.X.X is initiating a Main Mode IKE_SA
    Sep 18 16:55:54	charon		08[ENC] <12> generating ID_PROT response 0 [ SA V V V ]
    Sep 18 16:55:54	charon		08[NET] <12> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
    Sep 18 16:55:54	charon		08[NET] <12> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
    Sep 18 16:55:54	charon		08[ENC] <12> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Sep 18 16:55:54	charon		08[IKE] <12> local host is behind NAT, sending keep alives
    Sep 18 16:55:54	charon		08[IKE] <12> remote host is behind NAT
    Sep 18 16:55:54	charon		08[ENC] <12> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Sep 18 16:55:54	charon		08[NET] <12> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (244 bytes)
    Sep 18 16:56:14	charon		08[IKE] <12> sending keep alive to 89.X.X.X[500]
    Sep 18 16:56:24	charon		08[JOB] <12> deleting half open IKE_SA with 89.X.X.X after timeout
    Sep 18 16:56:45	charon		08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (180 bytes)
    Sep 18 16:56:45	charon		08[ENC] <13> parsed ID_PROT request 0 [ SA V V V V V ]
    Sep 18 16:56:45	charon		08[IKE] <13> received NAT-T (RFC 3947) vendor ID
    Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Sep 18 16:56:45	charon		08[IKE] <13> received DPD vendor ID
    Sep 18 16:56:45	charon		08[IKE] <13> 89.X.X.X is initiating a Main Mode IKE_SA
    Sep 18 16:56:45	charon		08[ENC] <13> generating ID_PROT response 0 [ SA V V V ]
    Sep 18 16:56:45	charon		08[NET] <13> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
    Sep 18 16:56:45	charon		08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
    Sep 18 16:56:45	charon		08[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Sep 18 16:56:45	charon		08[IKE] <13> local host is behind NAT, sending keep alives
    Sep 18 16:56:45	charon		08[IKE] <13> remote host is behind NAT
    Sep 18 16:56:45	charon		08[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    Sep 18 16:56:45	charon		08[NET] <13> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (244 bytes)
    Sep 18 16:57:05	charon		10[IKE] <13> sending keep alive to 89.X.X.X[500]
    Sep 18 16:57:15	charon		10[JOB] <13> deleting half open IKE_SA with 89.X.X.X after timeout
    Sep 18 16:57:37	charon		10[NET] <14> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (180 bytes)
    Sep 18 16:57:37	charon		10[ENC] <14> parsed ID_PROT request 0 [ SA V V V V V ]
    Sep 18 16:57:37	charon		10[IKE] <14> received NAT-T (RFC 3947) vendor ID
    Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Sep 18 16:57:37	charon		10[IKE] <14> received DPD vendor ID
    Sep 18 16:57:37	charon		10[IKE] <14> 89.X.X.X is initiating a Main Mode IKE_SA
    Sep 18 16:57:37	charon		10[ENC] <14> generating ID_PROT response 0 [ SA V V V ]
    Sep 18 16:57:37	charon		10[NET] <14> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
    Sep 18 16:57:37	charon		10[NET] <14> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
    Sep 18 16:57:37	charon		10[ENC] <14> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    Sep 18 16:57:37	charon		10[IKE] <14> local host is behind NAT, sending keep alives
    Sep 18 16:57:37	charon		10[IKE] <14> remote host is behind NAT
    

    Can anyone advise why this fails?
    Thanks

