Netgate Discussion Forum

    GRE IPSec to Cisco IOS

      donkers

      I am trying to set up a connection to our service provider, Optus, for a specialized service. They have provided an example config for a Cisco. Can anyone tell me if I can achieve the same thing with pfSense?

      Sample config:

      
      crypto isakmp policy 10
       encr 3des
       authentication pre-share
       group 2
      exit

      crypto ipsec transform-set TheirCompany_Transform esp-3des esp-sha-hmac

      crypto isakmp key VerySecretKey address <their public ip>

      ip access-list extended TheirCompany_Encrypt
       permit gre host <my public ip> host <their public ip>
      exit

      crypto map TheirCompany_IPSec 10 ipsec-isakmp
       set peer <their public ip>
       set transform-set TheirCompany_Transform
       set pfs group2
       match address TheirCompany_Encrypt
      exit

      interface Tunnel0
       description : IPSec encrypted GRE to TheirCompany
       ip unnumbered <external interface>
       tunnel source <external interface>
       tunnel destination <their public ip>
       crypto map TheirCompany_IPSec
      exit

      interface <external interface>
       crypto map TheirCompany_IPSec

      ip route 10.10.20.0 255.255.255.0 Tunnel 0

      ! <external interface> This is the internet facing or a loopback interface
      ! with an internet routable address.

      ! <my public ip> this is the IP address for your Cisco router Internet connection.
      ! This IP address will be a static Internet routable address used to terminate IPSec.
      

      They have also informed me of the config at their end, if it helps

      
      crypto isakmp policy 10
       encr 3des
       authentication pre-share
       group 2
      exit
      
      crypto ipsec transform-set TransformSet_3 esp-3des esp-sha-hmac 
      
      interface Loopback620
       description : Loopback for MyCompany
       ip address 172.22.83.123 255.255.255.255
      exit
      
      ip access-list extended MyCompanyCMIGGSN
       permit ip any 10.10.20.0 0.0.0.255
      exit
      
      route-map ToMyCompanyCMIUsers permit 10
       match ip address MyCompanyCMIGGSN
      exit
      
      route-map ToMyCompanyCMIUsers permit 90
       set interface Null0
      exit
      
      crypto isakmp key VerySecretKey address <my public ip>

      ip access-list extended MyCompany_Encrypt
       permit gre host <their public ip> host <my public ip>
      exit
      
      crypto map combined_IPSec 237 ipsec-isakmp
       description : IPSec setting for MyCompany
       set peer <my public ip>
       set transform-set TransformSet_3
       set pfs group2
       match address MyCompany_Encrypt
      exit
      
      interface Tunnel715
       description : GRE and IPSec to MyCompany
       ip unnumbered Loopback499
       ip policy route-map ToMyCompanyCMIUsers
       tunnel source Loopback499
       tunnel destination <my public ip>
       crypto map combined_IPSec
      exit
      
      route-map ToMyCompanyNet permit 10
       set interface Tunnel715
      exit
      
      interface Tunnel481
       description : GRE to GGSN1 for MyCompany
       ip unnumbered Loopback620
       ip mtu 1500
       ip route-cache flow
       ip policy route-map ToMyCompanyNet
       tunnel source Loopback620
       tunnel destination <some other public ip>
      exit
      
      interface Tunnel482
       description : GRE to GGSN2 for MyCompany
       ip unnumbered Loopback620
       ip mtu 1500
       ip route-cache flow
       ip policy route-map ToMyCompanyNet
       tunnel source Loopback620
       tunnel destination <yet another public ip>
      exit
      
      route-map ToMyCompanyCMIUsers permit 10
       match ip address MyCompanyCMIGGSN
       set interface Tunnel481
      exit
      
      route-map ToMyCompanyCMIUsers permit 90
       set interface Null0
      exit
      

      Any help or advice would be greatly appreciated.

      Thanks in advance.
