Ipsec tunnel between 2.03 and cisco, broken after upgrade to 2.1



  • Hello,

    i had a working ipsec tunnel setup between my pfsense 2.03 and a cisco device, but this morning after upgrade to 2.1 i get this error and the tunnel stays down:

    ERROR: exchange Identity Protection not allowed in any applicable rmconf.

    Any suggestions? Thx.



  • Seen this once, I had to delete the tunnel and re-create it with the same settings.  Probably some entry in the Racoon config, but was just easier to rebuild it.  If you have a really complicated tunnel you can review the config file.



  • I've seen similar errors when there is a mismatch on negotiation mode (aggressive and main) Check your settings and if everything is correct on both sides try rwalker's suggestion and recreate the tunnel.


Log in to reply