Setting up pfSense for 'Road Warriors' via IPSec



  • Hello Everyone,
      What I want to do, for the time being, is get pfSense set up so that a few of my employees can connect from their residences.  I have pored over this doc for quite a while: http://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To with no luck.  A quick overview of my network topology: T1 --> Cisco Router 2800 --> Internal Network.  The box that has pfSense set up resides on the internal network with dual NICs. In the router I have added three entries for IPSec into the ACL for the public IP of the pfSense box.

    Now if I try to connect from the local network to the pfSense box via Shrew the log for racoon looks like this:

    
    racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 1.2.3.4[500]<=>192.168.1.44[500]
    Aug 3 17:51:08	racoon: INFO: begin Aggressive mode.
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: RFC 3947
    Aug 3 17:51:08	racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: DPD
    Aug 3 17:51:08	racoon: INFO: received Vendor ID: CISCO-UNITY
    Aug 3 17:51:13	racoon: NOTIFY: the packet is retransmitted by 192.168.1.44[500] (1).
    Aug 3 17:51:18	racoon: NOTIFY: the packet is retransmitted by 192.168.1.44[500] (1).
    Aug 3 17:51:32	racoon: ERROR: phase1 negotiation failed due to time up. 12359c6a1d26d55e:de8038828d565cab
    
    

    Where 1.2.3.4 is the public IP of the pfSense box.  If I connect to a network outside the public network the logs look similar.  Is there something obvious that I am missing or have I misconfigured something?

    Thanks in advance!

