Cisco PIX IPSec and PfSense 2.0.3



  • Hi guys,

    I have a "little" problem with IPSec between PIX (v6.3) and PfSense (v2.0.3).
    This is my configuration on PIX side:

    static (ifname1,ifname2) 122.45.168.50 192.168.0.5 netmask 255.255.255.255 0 0
    static (ifname1,ifname2) 122.45.168.51 192.168.0.6 netmask 255.255.255.255 0 0

    access-list 142 permit ip host 122.45.168.50 host 111.32.123.134
    access-list 142 permit ip host 122.45.168.50 host 111.32.123.139
    access-list 142 permit ip host 122.45.168.51 host 111.32.123.134
    access-list 142 permit ip host 122.45.168.51 host 111.32.123.139

    crypto ipsec transform-set trasf1 esp-3des esp-md5-hmac

    crypto map map1 42 ipsec-isakmp
    crypto map map1 42 match address 142
    crypto map map1 42 set peer 111.32.123.130
    crypto map map1 42 set transform-set trasf1
    crypto map map1 42 set security-association lifetime seconds 3600 kilobytes 4608000
    crypto map map1 interface ifname2
    isakmp enable ifname2
    isakmp key keynotimportant address 111.32.123.130 netmask 255.255.255.255
    isakmp keepalive 10
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption 3des
    isakmp policy 30 hash md5
    isakmp policy 30 group 2
    isakmp policy 30 lifetime 86400

    On the PfSense side I have this configuration:

    • 2 CARP IPs (111.32.123.134 and 111.32.123.139 on the WAN interface)
    • 2 1:1 NATs (192.168.1.7<->111.32.123.134 and 192.168.1.8<->111.32.123.139)
    • permit any any on all interfaces

    The IPSec phase 1 is aggressive.
    But when I try to start IPSec, the PIX log tells me: "proxy identities not supported"
    Can anyone help me?

    Thx