IPSec VPN with Cisco PIX



  • Hi,

    First of all, thanks for pfSense which the best opensource Firewall we've seen to date. ;D

    I've setup VPN tunnels with 3 PIX without any problem. After 24h(phase one lifetime), the tunnels were all dead.
    To solve this, we had to open port 500 on the pfsense on the WAN interface.
    The question is: why isn't there an implied rule for inbound isakmp ? after all, there must be one which is implied for ipsec.

    2nd question strange behaviour: the firewall logs a drop "TCP 500" when actually the correct entry should have been "UDP 500".
    We've seen this also with NTP which is logged as TCP 123 when is should have been just UDP 123 in our case.

    note: version in use is pfSense 1.0.1

    tx

    mtoadmin


Log in to reply