IPSEC makes pfSense reboot?



  • I tried to set up an IPSEC VPN between my pfSense 1.2 beta and a Cisco ASA 5510. The connection worked for about 3 seconds, then the pfSense rebooted and kept rebooting until I disabled the VPN connection on the Cisco. Has anyone seen anything like this before? Any help would be appreciated.

    Thanks.



  • Interesting, what happened is it made it kernel panic. Never heard of anybody seeing that with IPsec.

    Can you post (or PM me or email cbuechler@gmail.com) your IPsec-related config off the ASA? I'll see if I can replicate it, though it might be a while before I get a chance.



  • We are still having this problem :(
    Not sure if anyone else can help us out, but here's what the ASA5510 looks like:

    A.A.A.A = Remote LAN

    B.B.B.B = Remote public IP

    Y.Y.Y.Y = Local LAN

    Z.Z.Z.Z = Local public IP

    :

    ASA Version 7.0(5)
    !
    interface Ethernet0/0
     speed 100
     duplex full
     nameif PUBLIC
     security-level 0
     ip address Z.Z.Z.Z 255.255.255.0
    !
    interface Ethernet0/2
     nameif PRIVATE
     security-level 100
     ip address Y.Y.Y.Y 255.255.255.0
    !

    access-list PUBLIC_access_in extended permit ip A.A.A.A 255.255.255.0 Y.Y.Y.Y 255.255.255.0
    access-list nonat extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
    access-list PUBLIC_cryptomap_20 extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto map PUBLIC_map 20 match address PUBLIC_cryptomap_20
    crypto map PUBLIC_map 20 set peer B.B.B.B
    crypto map PUBLIC_map 20 set transform-set ESP-3DES-MD5
    crypto map PUBLIC_map interface PUBLIC
    isakmp identity address
    isakmp enable PUBLIC
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 3600
    tunnel-group B.B.B.B type ipsec-l2l
    tunnel-group B.B.B.B ipsec-attributes
     pre-shared-key *
     peer-id-validate nocheck
    tunnel-group-map default-group B.B.B.B
    no vpn-addr-assign dhcp
    no vpn-addr-assign local

