    IPSEC makes pfSense reboot?

      cmacagno last edited by

      I tried to set up an IPSEC VPN between my pfSense 1.2 beta and a Cisco ASA 5510. The connection worked for about 3 seconds, then the pfSense rebooted and kept rebooting until I disabled the VPN connection on the Cisco. Has anyone seen anything like this before? Any help would be appreciated.

      Thanks.

        cmb last edited by

        Interesting, what happened is it made it kernel panic. Never heard of anybody seeing that with IPsec.

        Can you post (or PM me or email cbuechler@gmail.com) your IPsec-related config off the ASA? I'll see if I can replicate it, though it might be a while before I get a chance.

          JCarter last edited by

          We are still having this problem :(
          Not sure if anyone else can help us out, but here's what the ASA5510 looks like:

          A.A.A.A = Remote LAN
          B.B.B.B = Remote public IP
          Y.Y.Y.Y = Local LAN
          Z.Z.Z.Z = Local public IP

          :
          ASA Version 7.0(5)
          !
          interface Ethernet0/0
           speed 100
           duplex full
           nameif PUBLIC
           security-level 0
           ip address Z.Z.Z.Z 255.255.255.0
          !
          interface Ethernet0/2
           nameif PRIVATE
           security-level 100
           ip address Y.Y.Y.Y 255.255.255.0
          !
          access-list PUBLIC_access_in extended permit ip A.A.A.A 255.255.255.0 Y.Y.Y.Y 255.255.255.0
          access-list nonat extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
          access-list PUBLIC_cryptomap_20 extended permit ip Y.Y.Y.Y 255.255.255.0 A.A.A.A 255.255.255.0
          crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
          crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
          crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
          crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
          crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
          crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
          crypto map PUBLIC_map 20 match address PUBLIC_cryptomap_20
          crypto map PUBLIC_map 20 set peer B.B.B.B
          crypto map PUBLIC_map 20 set transform-set ESP-3DES-MD5
          crypto map PUBLIC_map interface PUBLIC
          isakmp identity address
          isakmp enable PUBLIC
          isakmp policy 10 authentication pre-share
          isakmp policy 10 encryption 3des
          isakmp policy 10 hash md5
          isakmp policy 10 group 1
          isakmp policy 10 lifetime 3600
          tunnel-group B.B.B.B type ipsec-l2l
          tunnel-group B.B.B.B ipsec-attributes
           pre-shared-key *
           peer-id-validate nocheck
          tunnel-group-map default-group B.B.B.B
          no vpn-addr-assign dhcp
          no vpn-addr-assign local
