Cisco PIX IPSec and PfSense 2.0.3
Hi guys,
I have a "little" problem with IPSec between PIX (v6.3) and PfSense (v2.0.3).
This is my configuration on PIX side:

static (ifname1,ifname2) 122.45.168.50 192.168.0.5 netmask 255.255.255.255 0 0
static (ifname1,ifname2) 122.45.168.51 192.168.0.6 netmask 255.255.255.255 0 0

access-list 142 permit ip host 122.45.168.50 host 111.32.123.134
access-list 142 permit ip host 122.45.168.50 host 111.32.123.139
access-list 142 permit ip host 122.45.168.51 host 111.32.123.134
access-list 142 permit ip host 122.45.168.51 host 111.32.123.139

crypto ipsec transform-set trasf1 esp-3des esp-md5-hmac
crypto map map1 42 ipsec-isakmp
crypto map map1 42 match address 142
crypto map map1 42 set peer 111.32.123.130
crypto map map1 42 set transform-set trasf1
crypto map map1 42 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map map1 interface ifname2
isakmp enable ifname2
isakmp key keynotimportant address 111.32.123.130 netmask 255.255.255.255
isakmp keepalive 10
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400

On the PfSense side I have this configuration:
- 2 CARP IP (111.32.123.134 and 111.32.123.139 on WAN interface)
- 2 1:1 NAT (192.168.1.7<->111.32.123.134 and 192.168.1.8<->111.32.123.139)
- permit any any on all interfaces
The IPSec phase 1 is aggressive.
But when I try to start IPSec, the PIX log tells me: "proxy identities not supported"
Can anyone help me?

Thx