IPSec VPN, pfSense to Cisco router, No VPN traffic passing

  • Hi, all,

    I'm working on trying to get a Cisco router at a remote office to connect a VPN tunnel over to our home office.  Right now, I have both routers in the home office for configuration and testing, but both the pfSense and Cisco router have outside public IPs to work with.

    The Cisco is going to be performing a number of duties.  It will be the DHCP server for the remote LAN which is  The device will at some point be on an MPLS circuit, but until that comes in, we're going to have just cable modem service with a static IP at the office.  The Cisco 1921 is configured with G0/0 being the LAN-side connection with IP  The G0/1 interface is set up to simulate the eventual cable modem connection.  Its static IP is  I have confirmed that DHCP for LAN clients is working, and I've put in a default route and NAT for the Internet connectivity and confirmed these are working.

    The problem I'm having right now is getting any traffic to actually traverse the tunnel.  I followed the instructions here as a first step: https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS    Even then, I needed to make a couple of tweaks to get it to come up.  According to pfSense the tunnel is established, but I can't ping anything through it.

    I am attaching the current config of the Cisco 1921 and screenshots of the phase 1 & 2 on the pfSense box.  I certainly hope someone can tell me what I'm doing wrong because I need to get this working in the next couple of days!


  • The bitmask on the Cisco doesn't match the subnet specified on pfSense. should be on your access-list.
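
Added example, not part of the thread and not from the pfSense documentation: a Python check that converts the wildcard masks in a Cisco crypto ACL line to CIDR and compares them with the pfSense phase 2 networks, which is the mismatch described in the reply above. The ACL number, addresses and function names are constructed for illustration, and it assumes the simple `access-list <n> permit ip <src> <wildcard> <dst> <wildcard>` form.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Convert a Cisco 'address wildcard' pair to a CIDR network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 0..01..1, so wc + 1 is a power of two.
    if wc & (wc + 1):
        raise ValueError(f"wildcard {wildcard} is not contiguous, no CIDR equivalent")
    prefix = 32 - bin(wc).count("1")
    # strict=True rejects an address with host bits set under the mask.
    return ipaddress.IPv4Network((addr, prefix), strict=True)

def parse_crypto_acl(line):
    """Return (source, destination) networks from one extended ACL line."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL form: {line!r}")
    return wildcard_to_network(tok[4], tok[5]), wildcard_to_network(tok[6], tok[7])

def check_selectors(acl_line, pf_local, pf_remote):
    """List mismatches between the Cisco ACL and the pfSense phase 2 entry.

    The two ends mirror each other: the Cisco source is the pfSense
    remote network, and the Cisco destination is the pfSense local network.
    """
    src, dst = parse_crypto_acl(acl_line)
    local = ipaddress.IPv4Network(pf_local)
    remote = ipaddress.IPv4Network(pf_remote)
    problems = []
    if src != remote:
        problems.append(f"Cisco source {src} != pfSense remote network {remote}")
    if dst != local:
        problems.append(f"Cisco destination {dst} != pfSense local network {local}")
    return problems

# Constructed sample values, not taken from the poster's configuration.
PF_LOCAL, PF_REMOTE = "10.20.0.0/16", "192.168.10.0/24"
BAD_ACL = "access-list 100 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.0.255"
GOOD_ACL = "access-list 100 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255"

if __name__ == "__main__":
    for acl in (BAD_ACL, GOOD_ACL):
        issues = check_selectors(acl, PF_LOCAL, PF_REMOTE)
        print(acl, "->", issues or "selectors match")
```
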

  • Thanks!  Been so busy today I didn't have a chance to write and say that I'd done that, but the tunnel still didn't appear to be working, but then we disabled and re-enabled it on a whim and then it suddenly decided to start working!

    Sometimes it's finding these solutions that can be maddening and at the same time, have you cheering out loud in your cube.
