Cisco VTI tunnel



  • Has anyone gotten a VPN working with a VTI (virtual tunnel interface) ?

    the cisco config looks like:

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key ******** address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    !
    crypto ipsec transform-set TSET esp-3des esp-sha-hmac
    !
    crypto ipsec profile VTI
    set transform-set TSET
    !
    !
    interface Tunnel0
    ip address 192.168.10.2 255.255.255.0
    tunnel source 10.0.149.220
    tunnel destination 10.0.149.221
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    !
    interface FastEthernet0/0
    ip address 10.0.149.220 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 192.168.20.1 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 192.168.10.0
    network 192.168.20.0

    The pfsense side would look like (if it were a cisco device)

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key ******** address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    !
    !
    crypto ipsec transform-set TSET esp-3des esp-sha-hmac
    !
    crypto ipsec profile VTI
    set transform-set TSET
    !
    !
    interface Tunnel0
    ip address 192.168.10.1 255.255.255.0
    tunnel source 10.0.149.221
    tunnel destination 10.0.149.220
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    !
    interface FastEthernet0/0
    ip address 10.0.149.221 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 192.168.21.1 255.255.255.0
    duplex auto
    speed auto
    !
    router rip
    version 2
    network 192.168.10.0
    network 192.168.21.0
    !

    could very much use some help here, or any advice what so ever. Not too familiar with pfsense at all.


Log in to reply