Netgate Discussion Forum

    IPSEC makes pfSense reboot?

      cmacagno

      I tried to set up an IPSEC VPN between my pfSense 1.2 beta and a Cisco ASA 5510. The connection worked for about 3 seconds, then the pfSense rebooted and kept rebooting until I disabled the VPN connection on the Cisco. Has anyone seen anything like this before? Any help would be appreciated.

      Thanks.

        cmb

        Interesting, what happened is it made it kernel panic. Never heard of anybody seeing that with IPsec.

        Can you post (or PM me or email cbuechler@gmail.com) your IPsec-related config off the ASA? I'll see if I can replicate it, though it might be a while before I get a chance.

          JCarter

          We are still having this problem :(
          Not sure if anyone else can help us out, but here's what the ASA5510 looks like:

          A.A.A.A = Remote LAN
          B.B.B.B = Remote public IP
          Y.Y.Y.Y = Local LAN
          Z.Z.Z.Z = Local public IP

          :
          ASA Version 7.0(5)
          !
          interface Ethernet0/0
           speed 100
           duplex full
           nameif PUBLIC
           security-level 0
           ip address Z.Z.Z.Z 255.255.255.0
          !
          interface Ethernet0/2
           nameif PRIVATE
           security-level 100
           ip address Y.Y.Y.Y 255.255.255.0
          !
          access-list PUBLIC_access_in extended permit ip A.A.A.A 255.255.255.0 Y.Y.Y.Y 255.255.255.0
          access-list nonat extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
          access-list PUBLIC_cryptomap_20 extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
          crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
          crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
          crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
          crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
          crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
          crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
          crypto map PUBLIC_map 20 match address PUBLIC_cryptomap_20
          crypto map PUBLIC_map 20 set peer B.B.B.B
          crypto map PUBLIC_map 20 set transform-set ESP-3DES-MD5
          crypto map PUBLIC_map interface PUBLIC
          isakmp identity address
          isakmp enable PUBLIC
          isakmp policy 10 authentication pre-share
          isakmp policy 10 encryption 3des
          isakmp policy 10 hash md5
          isakmp policy 10 group 1
          isakmp policy 10 lifetime 3600
          tunnel-group B.B.B.B type ipsec-l2l
          tunnel-group B.B.B.B ipsec-attributes
           pre-shared-key *
           peer-id-validate nocheck
          tunnel-group-map default-group B.B.B.B
          no vpn-addr-assign dhcp
          no vpn-addr-assign local

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.