GRE IPSec to Cisco IOS
I am trying to set up a connection to our service provider, Optus, for a specialized service. They have provided an example config for a Cisco. Can anyone tell me if I can achieve the same thing with pfSense?
Sample config:
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
exit
crypto ipsec transform-set TheirCompany_Transform esp-3des esp-sha-hmac
crypto isakmp key VerySecretKey address <their public ip>
ip access-list extended TheirCompany_Encrypt
 permit gre host <my public ip> host <their public ip>
exit
crypto map TheirCompany_IPSec 10 ipsec-isakmp
 set peer <their public ip>
 set transform-set TheirCompany_Transform
 set pfs group2
 match address TheirCompany_Encrypt
exit
interface Tunnel0
 description : IPSec encrypted GRE to TheirCompany
 ip unnumbered <external interface>
 tunnel source <external interface>
 tunnel destination <their public ip>
 crypto map TheirCompany_IPSec
exit
interface <external interface>
 crypto map TheirCompany_IPSec
ip route 10.10.20.0 255.255.255.0 Tunnel 0
! <external interface> This is the internet facing or a loopback interface
! with an internet routable address.
! <my public ip> this is the IP address for your Cisco router Internet connection.
! This IP address will be a static Internet routable address used to terminate IPSec.
They have also informed me of the config at their end, if it helps:
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
exit
crypto ipsec transform-set TransformSet_3 esp-3des esp-sha-hmac
interface Loopback620
 description : Loopback for MyCompany
 ip address 172.22.83.123 255.255.255.255
exit
ip access-list extended MyCompanyCMIGGSN
 permit ip any 10.10.20.0 0.0.0.255
exit
route-map ToMyCompanyCMIUsers permit 10
 match ip address MyCompanyCMIGGSN
exit
route-map ToMyCompanyCMIUsers permit 90
 set interface Null0
exit
crypto isakmp key VerySecretKey address <my public ip>
ip access-list extended MyCompany_Encrypt
 permit gre host <their public ip> host <my public ip>
exit
crypto map combined_IPSec 237 ipsec-isakmp
 description : IPSec setting for MyCompany
 set peer <my public ip>
 set transform-set TransformSet_3
 set pfs group2
 match address MyCompany_Encrypt
exit
interface Tunnel715
 description : GRE and IPSec to MyCompany
 ip unnumbered Loopback499
 ip policy route-map ToMyCompanyCMIUsers
 tunnel source Loopback499
 tunnel destination <my public ip>
 crypto map combined_IPSec
exit
route-map ToMyCompanyNet permit 10
 set interface Tunnel715
exit
interface Tunnel481
 description : GRE to GGSN1 for MyCompany
 ip unnumbered Loopback620
 ip mtu 1500
 ip route-cache flow
 ip policy route-map ToMyCompanyNet
 tunnel source Loopback620
 tunnel destination <some other public ip>
exit
interface Tunnel482
 description : GRE to GGSN2 for MyCompany
 ip unnumbered Loopback620
 ip mtu 1500
 ip route-cache flow
 ip policy route-map ToMyCompanyNet
 tunnel source Loopback620
 tunnel destination <yet another public ip>
exit
route-map ToMyCompanyCMIUsers permit 10
 match ip address MyCompanyCMIGGSN
 set interface Tunnel481
exit
route-map ToMyCompanyCMIUsers permit 90
 set interface Null0
exit
Any help or advice would be greatly appreciated.
Thanks in advance.
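
An added example, not part of the original post or the provider's material: a Python parser that pulls out of the customer-side config the IKE and IPsec parameters any non-Cisco peer has to mirror, and flags crypto map references that do not resolve to a defined object. The sample text is constructed from the post with documentation addresses and one deliberately mis-cased name; exact, case-sensitive name matching and the function names are assumptions of this example.

```python
import re

# Constructed sample: customer-side config from the post, documentation
# addresses in place of the placeholders; "match address" is mis-cased on purpose.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set TheirCompany_Transform esp-3des esp-sha-hmac
ip access-list extended TheirCompany_Encrypt
 permit gre host 192.0.2.10 host 198.51.100.20
crypto map TheirCompany_IPSec 10 ipsec-isakmp
 set peer 198.51.100.20
 set transform-set TheirCompany_Transform
 set pfs group2
 match address TheirCompany_encrypt
"""

def blocks(text):
    """Return {top-level command: [indented sub-commands]}."""
    out, cur = {}, None
    for line in text.splitlines():
        s = line.strip()
        if not s or s == "exit" or s.startswith("!"):
            continue
        if line[0].isspace() and cur is not None:
            out[cur].append(s)
        else:
            cur = s
            out[cur] = []
    return out

def tunnel_requirements(text):
    """Collect what the remote peer must match, plus dangling references."""
    b = blocks(text)
    req = {"phase1": {}, "phase2": {}, "selectors": [], "dangling": []}
    defined = {"set transform-set": {}, "match address": {}}
    for head, subs in b.items():
        if head.startswith("crypto isakmp policy"):
            req["phase1"] = dict(s.partition(" ")[::2] for s in subs)
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", head):
            defined["set transform-set"][m[1]] = m[2].split()
        elif m := re.match(r"ip access-list extended (\S+)", head):
            defined["match address"][m[1]] = subs
    for head, subs in b.items():
        for s in subs if head.startswith("crypto map") else []:
            key, name = s.rsplit(None, 1)
            if key in ("set peer", "set pfs"):
                req["phase2"][key.split()[1]] = name
            elif key in defined and name not in defined[key]:
                req["dangling"].append(s)  # reference to an undefined name
            elif key == "set transform-set":
                req["phase2"]["transforms"] = defined[key][name]
            elif key == "match address":
                req["selectors"] += defined[key][name]
    return req
```
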