Netgate Discussion Forum

    Cisco PIX IPSec and PfSense 2.0.3

      space_new

      Hi guys,

      I have a "little" problem with IPSec between PIX (v6.3) and PfSense (v2.0.3).
      This is my configuration on the PIX side:

      static (ifname1,ifname2) 122.45.168.50 192.168.0.5 netmask 255.255.255.255 0 0
      static (ifname1,ifname2) 122.45.168.51 192.168.0.6 netmask 255.255.255.255 0 0

      access-list 142 permit ip host 122.45.168.50 host 111.32.123.134
      access-list 142 permit ip host 122.45.168.50 host 111.32.123.139
      access-list 142 permit ip host 122.45.168.51 host 111.32.123.134
      access-list 142 permit ip host 122.45.168.51 host 111.32.123.139

      crypto ipsec transform-set trasf1 esp-3des esp-md5-hmac

      crypto map map1 42 ipsec-isakmp
      crypto map map1 42 match address 142
      crypto map map1 42 set peer 111.32.123.130
      crypto map map1 42 set transform-set trasf1
      crypto map map1 42 set security-association lifetime seconds 3600 kilobytes 4608000
      crypto map map1 interface ifname2
      isakmp enable ifname2
      isakmp key keynotimportant address 111.32.123.130 netmask 255.255.255.255
      isakmp keepalive 10
      isakmp policy 30 authentication pre-share
      isakmp policy 30 encryption 3des
      isakmp policy 30 hash md5
      isakmp policy 30 group 2
      isakmp policy 30 lifetime 86400

      On the PfSense side I have this configuration:

      • 2 CARP IPs (111.32.123.134 and 111.32.123.139 on WAN interface)
      • 2 1:1 NAT (192.168.1.7<->111.32.123.134 and 192.168.1.8<->111.32.123.139)
      • permit any any on all interfaces

      The IPSec phase 1 is aggressive.
      But when I try to start IPSec, the PIX log tells me: "proxy identities not supported"
      Can anyone help me?

      Thx

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.