    Connect Then Disconnects PfSense to Cisco ASA

    IPsec
    • R
      rabalam last edited by

      I have a Cisco ASA 5510 firewall terminating our VPN tunnels; at least 100 tunnels have been configured and are working. I have one in particular that is causing me major grief: I reboot my device, the tunnel comes up, all phases pass, but then a minute later I get the below message:

      racoon: []: INFO: initiate new phase 1 negotiation: <<pfsense host>>[500]<=><<cisco asa>>[500]
      May 31 11:47:53 racoon: INFO: begin Identity Protection mode.
      May 31 11:47:53 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      May 31 11:47:53 racoon: INFO: received Vendor ID: CISCO-UNITY
      May 31 11:47:53 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      May 31 11:47:53 racoon: INFO: received Vendor ID: DPD
      May 31 11:47:53 racoon: []: INFO: ISAKMP-SA established <<pfsense host>>[500]-<<cisco asa>>[500] spi:4ced60a932f84e6a:f5ecbda0093c2e01
      May 31 11:47:54 racoon: []: INFO: initiate new phase 2 negotiation: <<pfsense host>>[500]<=><<cisco asa>>[500]
      May 31 11:47:54 racoon: INFO: purging ISAKMP-SA spi=4ced60a932f84e6a:f5ecbda0093c2e01.
      May 31 11:47:54 racoon: INFO: purged IPsec-SA spi=257290577.
      May 31 11:47:54 racoon: INFO: purged ISAKMP-SA spi=4ced60a932f84e6a:f5ecbda0093c2e01.
      May 31 11:47:54 racoon: []: INFO: ISAKMP-SA deleted <<pfsense host>>[500]-<<cisco asa>>[500] spi:4ced60a932f84e6a:f5ecbda0093c2e01
      May 31 11:48:18 racoon: []: INFO: IPsec-SA request for <<cisco asa>> queued due to no phase1 found.
      May 31 11:48:18 racoon: []: INFO: initiate new phase 1 negotiation: <<pfsense host>>[500]<=><<cisco asa>>[500]
      May 31 11:48:18 racoon: INFO: begin Identity Protection mode.
      May 31 11:48:18 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
      May 31 11:48:19 racoon: INFO: received Vendor ID: CISCO-UNITY
      May 31 11:48:19 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
      May 31 11:48:19 racoon: INFO: received Vendor ID: DPD
      May 31 11:48:19 racoon: []: INFO: ISAKMP-SA established <<pfsense host>>[500]-<<cisco asa>>[500] spi:b1dd94c5b4f2dbfa:1aed93a858905cda
      May 31 11:48:19 racoon: []: INFO: initiate new phase 2 negotiation: <<pfsense host>>[500]<=><<cisco asa>>[500]
      May 31 11:48:19 racoon: INFO: purging ISAKMP-SA spi=b1dd94c5b4f2dbfa:1aed93a858905cda.
      May 31 11:48:19 racoon: INFO: purged IPsec-SA spi=185034929.
      May 31 11:48:19 racoon: INFO: purged ISAKMP-SA spi=b1dd94c5b4f2dbfa:1aed93a858905cda.
      May 31 11:48:19 racoon: []: INFO: ISAKMP-SA deleted <<pfsense host>>[500]-<<cisco asa>>[500] spi:b1dd94c5b4f2dbfa:1aed93a858905cda

      I cannot determine if this is the Firewall denying connection or the PFSense dropping the connect after they have established the connection.

      Any assistance is greatly appreciated.

      thx,

      ~r

      • F
        foxtrotks last edited by

        Do you have VMs running?
