Setting up pfSense for 'Road Warriors' via IPSec
-
Hello Everyone,
What I want to do, for the time being, is get pfSense setup so that a few of my employees can connect from their residences. I have poured over this doc for quite awhile: http://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To with no luck. A quick overview of my network topology: T1 –> Cisco Router 2800 --> Internal Network The box that has pfSense setup resides on the internal network with dual NICs. In the router I have added three entires for IPSec into the ACL for the public IP of the pfSense box.Now if I try to connect from the local network to the pfSense box via Shrew the log for racoon looks like this:
racoon: [Unknown Gateway/Dynamic]: INFO: respond new phase 1 negotiation: 1.2.3.4[500]<=>192.168.1.44[500] Aug 3 17:51:08 racoon: INFO: begin Aggressive mode. Aug 3 17:51:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00 Aug 3 17:51:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01 Aug 3 17:51:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 Aug 3 17:51:08 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03 Aug 3 17:51:08 racoon: INFO: received Vendor ID: RFC 3947 Aug 3 17:51:08 racoon: INFO: received broken Microsoft ID: FRAGMENTATION Aug 3 17:51:08 racoon: INFO: received Vendor ID: DPD Aug 3 17:51:08 racoon: INFO: received Vendor ID: CISCO-UNITY Aug 3 17:51:13 racoon: NOTIFY: the packet is retransmitted by 192.168.1.44[500] (1). Aug 3 17:51:18 racoon: NOTIFY: the packet is retransmitted by 192.168.1.44[500] (1). Aug 3 17:51:32 racoon: ERROR: phase1 negotiation failed due to time up. 12359c6a1d26d55e:de8038828d565cabWhere 1.2.3.4 is the public IP of the pfSense box. If I connect to a network outside the public network the logs look similar. Is there something obvious that I am missing or have I misconfigured something?
Thanks in advance!