Phase 2 does not stay up
-
Good morning,
I am trying to set up a VPN (IPsec) with Cisco Firepower - 7.2.8. We are using the following phase 2 settings:
Encryption Algorithms: AES 256
Hash Algorithms: 256
PFS Key group: 14(2048 bit)
Lifetime: 3600
We noticed that phase 2 does not go up.
Is there any incompatibility between pfsense 2.6.0-RELEASE (amd64) and Cisco Firepower - 7.2.8.?
Or is there any configuration that allows closing phase 2?
According to the Cisco Firepower - 7.2.8. team, there is no way to enable PFS Key group 2, as it has been discontinued.
Thanks for your help
-
no logs provided....
so you are asking us to guess what's going on based on the minimal information provided.
In that case, there is no incompatibility known. I have an IPsec tunnel to a Palo and a Fortinet appliance.
-
@michmoor Your answer is useless to me. My goal in seeking help on the forum was simply to find out if there was any incompatibility between Cisco Firepower - 7.2.8 and pfsense, or if there was any specific configuration to be performed.
I believed that after the post, there would be people with intelligent dialogue (which was not your case), and then, if more technical information was needed, I would pass it on.
I also have several ipsec ups tunnels and no problem, however, with this equipment I had this problem. At no time did I mention Palo Alto, Fortinet, etc.
Everything starts with a dialogue, my friend, and a healthy conversation develops. If your goal is not to help but to point out errors, there is no need to get in the way.
Best regards
-
@moisesdasilvadeoliveira
To be frank, your post is just as if not more useless.
You seek here asking a basic question but without context it's useless.
"Does this thing work?" is the summary of your question. The answer is Yes... Could've saved yourself the trouble by asking ChatGPT.
If you are seeking help do yourself a favor and ask better questions and provide details to your query. Generic yes/no questions are useless to everyone especially yourself if you are having a technical issue with your firewall which clearly you are.
Again..."Does pfsense work with other vendors?" The answer is Yes. Good job
@moisesdasilvadeoliveira said in Phase 2 does not stay up:
If your goal is not to help but to point out errors, there is no need to get in the way.
My goal as a forum poster and/or visitor is to help people like you. I want to help you. To that end you first need to help yourself. Ask better questions you get better replies. Do you go to the doctor and ask him "Is there a problem with bananas?" How does that help the doctor or you? What is the basis of your health concern? Is there a health concern? What does your question even mean?
-
@michmoor I won't argue with you, be polite. That's all.