Netgate Discussion Forum

    IPSec VPN, pfSense to Cisco router, No VPN traffic passing

      btesdall71

      Hi, all,

      I'm working on trying to get a Cisco router at a remote office to connect a VPN tunnel over to our home office.  Right now, I have both routers in the home office for configuration and testing, but both the pfSense and Cisco router have outside public IPs to work with.

      The Cisco is going to be performing a number of duties.  It will be the DHCP server for the remote LAN which is 10.23.10.0/24.  The device will at some point be on an MPLS circuit, but until that comes in, we're going to have just cable modem service with a static IP at the office.  The Cisco 1921 is configured with G0/0 being the LAN-side connection with IP 10.23.10.1.  The G0/1 interface is set up to simulate the eventual cable modem connection.  Its static IP is 205.237.121.4.  I have confirmed that DHCP for LAN clients is working, and I've put in a default route and NAT for the Internet connectivity and confirmed these are working.

      The problem I'm having right now is getting any traffic to actually traverse the tunnel.  I followed the instructions here as a first step: https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS  Even then, I needed to make a couple of tweaks to get it to come up.  According to pfSense the tunnel is established, but I can't ping anything through it.

      I am attaching the current config of the Cisco 1921 and screenshots of the phase 1 & 2 on the pfSense box.  I certainly hope someone can tell me what I'm doing wrong because I need to get this working in the next couple of days!

      pfSense1.PNG
      pfSense2.PNG
      pfSense3.PNG
      pfSense4.PNG
      Cisco1921.txt

        dotdash

        The bitmask on the Cisco doesn't match the subnet specified on pfSense. 10.0.0.0/13 should be 10.0.0.0 0.7.255.255 on your access-list.

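The mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original thread: it converts pfSense phase 2 subnets to IOS wildcard masks and compares them with a crypto ACL entry. The ACL lines, the ACL number 101 and the function names are constructed for illustration; the attached Cisco config is not reproduced on this page.

```python
import ipaddress
import re

# Matches the address part of an extended ACL entry, numbered or named:
#   [access-list <n>] permit ip <src> <src-wildcard> <dst> <dst-wildcard>
ADDR = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(
    rf"^\s*(?:access-list\s+\S+\s+)?permit\s+ip\s+{ADDR}\s+{ADDR}\s+{ADDR}\s+{ADDR}\s*$"
)

def wildcard_for(cidr):
    """Return the IOS wildcard (inverse) mask for a CIDR network."""
    return str(ipaddress.ip_network(cidr).hostmask)

def wildcard_to_network(addr, wildcard):
    """Convert 'addr wildcard' to a network; reject non-contiguous masks."""
    inv = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**k - 1, so inv & (inv + 1) must be zero.
    if inv & (inv + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - inv.bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def check_acl(acl_line, pfsense_local, pfsense_remote):
    """Compare one ACL entry with the pfSense phase 2 networks.

    Returns a list of mismatch descriptions (empty when both sides agree).
    """
    m = ACL_RE.match(acl_line)
    if not m:
        raise ValueError(f"not a 'permit ip' ACL entry: {acl_line!r}")
    src = wildcard_to_network(m.group(1), m.group(2))
    dst = wildcard_to_network(m.group(3), m.group(4))
    problems = []
    # The Cisco's source is pfSense's remote network, and the reverse.
    for label, got, want in (("source", src, pfsense_remote),
                             ("destination", dst, pfsense_local)):
        want = ipaddress.ip_network(want)
        if got != want:
            problems.append(f"{label}: ACL has {got}, pfSense has {want}; "
                            f"use {want.network_address} {want.hostmask}")
    return problems

if __name__ == "__main__":
    # Constructed ACL line with a wildcard that does not describe a /13.
    bad = "access-list 101 permit ip 10.23.10.0 0.0.0.255 10.0.0.0 0.0.0.255"
    for p in check_acl(bad, "10.0.0.0/13", "10.23.10.0/24"):
        print(p)
```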
          btesdall71

          Thanks!  Been so busy today I didn't have a chance to write and say that I'd done that, but the tunnel still didn't appear to be working, but then we disabled and re-enabled it on a whim and then it suddenly decided to start working!

          Sometimes it's finding these solutions that can be maddening and at the same time, have you cheering out loud in your cube.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.