    Netgate Discussion Forum
    IPSEC VPN to Meraki Issue

    IPsec
      zMaliz last edited by

      Hi

      I've got an issue connecting an IPsec VPN from pfSense to a Meraki firewall.
      Has anyone got this working? Can you advise how you have it set up?

      This is the log for the connection attempt.
      Meraki = 89.X.X.X
      pfSense = 82.Y.Y.Y

      Sep 18 16:55:54	charon		08[IKE] <12> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Sep 18 16:55:54	charon		08[IKE] <12> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Sep 18 16:55:54	charon		08[IKE] <12> received DPD vendor ID
      Sep 18 16:55:54	charon		08[IKE] <12> 89.X.X.X is initiating a Main Mode IKE_SA
      Sep 18 16:55:54	charon		08[ENC] <12> generating ID_PROT response 0 [ SA V V V ]
      Sep 18 16:55:54	charon		08[NET] <12> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
      Sep 18 16:55:54	charon		08[NET] <12> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
      Sep 18 16:55:54	charon		08[ENC] <12> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Sep 18 16:55:54	charon		08[IKE] <12> local host is behind NAT, sending keep alives
      Sep 18 16:55:54	charon		08[IKE] <12> remote host is behind NAT
      Sep 18 16:55:54	charon		08[ENC] <12> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Sep 18 16:55:54	charon		08[NET] <12> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (244 bytes)
      Sep 18 16:56:14	charon		08[IKE] <12> sending keep alive to 89.X.X.X[500]
      Sep 18 16:56:24	charon		08[JOB] <12> deleting half open IKE_SA with 89.X.X.X after timeout
      Sep 18 16:56:45	charon		08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (180 bytes)
      Sep 18 16:56:45	charon		08[ENC] <13> parsed ID_PROT request 0 [ SA V V V V V ]
      Sep 18 16:56:45	charon		08[IKE] <13> received NAT-T (RFC 3947) vendor ID
      Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Sep 18 16:56:45	charon		08[IKE] <13> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Sep 18 16:56:45	charon		08[IKE] <13> received DPD vendor ID
      Sep 18 16:56:45	charon		08[IKE] <13> 89.X.X.X is initiating a Main Mode IKE_SA
      Sep 18 16:56:45	charon		08[ENC] <13> generating ID_PROT response 0 [ SA V V V ]
      Sep 18 16:56:45	charon		08[NET] <13> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
      Sep 18 16:56:45	charon		08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
      Sep 18 16:56:45	charon		08[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Sep 18 16:56:45	charon		08[IKE] <13> local host is behind NAT, sending keep alives
      Sep 18 16:56:45	charon		08[IKE] <13> remote host is behind NAT
      Sep 18 16:56:45	charon		08[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
      Sep 18 16:56:45	charon		08[NET] <13> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (244 bytes)
      Sep 18 16:57:05	charon		10[IKE] <13> sending keep alive to 89.X.X.X[500]
      Sep 18 16:57:15	charon		10[JOB] <13> deleting half open IKE_SA with 89.X.X.X after timeout
      Sep 18 16:57:37	charon		10[NET] <14> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (180 bytes)
      Sep 18 16:57:37	charon		10[ENC] <14> parsed ID_PROT request 0 [ SA V V V V V ]
      Sep 18 16:57:37	charon		10[IKE] <14> received NAT-T (RFC 3947) vendor ID
      Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Sep 18 16:57:37	charon		10[IKE] <14> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Sep 18 16:57:37	charon		10[IKE] <14> received DPD vendor ID
      Sep 18 16:57:37	charon		10[IKE] <14> 89.X.X.X is initiating a Main Mode IKE_SA
      Sep 18 16:57:37	charon		10[ENC] <14> generating ID_PROT response 0 [ SA V V V ]
      Sep 18 16:57:37	charon		10[NET] <14> sending packet: from 82.Y.Y.Y[500] to 89.X.X.X[500] (132 bytes)
      Sep 18 16:57:37	charon		10[NET] <14> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
      Sep 18 16:57:37	charon		10[ENC] <14> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
      Sep 18 16:57:37	charon		10[IKE] <14> local host is behind NAT, sending keep alives
      Sep 18 16:57:37	charon		10[IKE] <14> remote host is behind NAT
      

      Can anyone advise why this fails?
      Thanks

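An added example, not part of the original post: a small Python parser that groups charon lines like those quoted above by IKE_SA number and reports the last payloads parsed from the peer before each half-open timeout. The sample lines are constructed in the format of the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the charon lines quoted in the post
# (one attempt, IKE_SA <13>, with the placeholder addresses the post uses).
SAMPLE_LOG = """\
Sep 18 16:56:45 charon 08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (180 bytes)
Sep 18 16:56:45 charon 08[ENC] <13> parsed ID_PROT request 0 [ SA V V V V V ]
Sep 18 16:56:45 charon 08[ENC] <13> generating ID_PROT response 0 [ SA V V V ]
Sep 18 16:56:45 charon 08[NET] <13> received packet: from 89.X.X.X[500] to 82.Y.Y.Y[500] (228 bytes)
Sep 18 16:56:45 charon 08[ENC] <13> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep 18 16:56:45 charon 08[IKE] <13> local host is behind NAT, sending keep alives
Sep 18 16:56:45 charon 08[IKE] <13> remote host is behind NAT
Sep 18 16:56:45 charon 08[ENC] <13> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Sep 18 16:57:15 charon 10[JOB] <13> deleting half open IKE_SA with 89.X.X.X after timeout
"""

LINE_RE = re.compile(r"charon\s+\d+\[(\w+)\]\s+<(\d+)>\s+(.*)$")
ENC_RE = re.compile(r"(parsed|generating) \S+ (?:request|response) \d+ \[ (.*?) \]")
RECV_RE = re.compile(r"received packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")

def summarize(log_text):
    """Group charon lines by IKE_SA id and record how far each attempt got."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        _subsys, sa_id, msg = m.groups()
        sa = sas.setdefault(int(sa_id), {"parsed": [], "generated": [],
                                         "nat": set(), "rx_ports": set(), "timed_out": False})
        enc, rx = ENC_RE.search(msg), RECV_RE.search(msg)
        if enc:
            key = "parsed" if enc.group(1) == "parsed" else "generated"
            sa[key].append(enc.group(2).split())
        elif rx:
            sa["rx_ports"].add(int(rx.group(2)))  # local port the peer reached
        elif "host is behind NAT" in msg:
            sa["nat"].add(msg.split()[0])         # "local" or "remote"
        elif "deleting half open IKE_SA" in msg:
            sa["timed_out"] = True
    return sas

def stalled_attempts(sas):
    """Attempts that timed out, with the last payloads parsed from the peer."""
    return {i: s["parsed"][-1] for i, s in sas.items() if s["timed_out"] and s["parsed"]}

if __name__ == "__main__":
    for sa_id, s in summarize(SAMPLE_LOG).items():
        print(sa_id, s)
```

RFC 3947 has the initiator send the Main Mode ID payload on UDP 4500 once NAT is detected, so on a timed-out attempt the `nat` and `rx_ports` fields show whether any packet arrived on a port other than 500.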