4. IPSec VPN, pfSense to Cisco router, No VPN traffic passing

IPSec VPN, pfSense to Cisco router, No VPN traffic passing

  • B

    Hi, all,

    I'm working on trying to get a Cisco router at a remote office to connect a VPN tunnel over to our home office.  Right now, I have both routers in the home office for configuration and testing, but both the pfSense and Cisco router have outside public IP's to work with.

    The Cisco is going to be performing a number of duties.  It will be the DHCP server for the remote LAN which is 10.23.10.0/24.  The device will at some point be on an MPLS circuit, but until that comes in, we're going to have just cable modem service with a static IP at the office.  The Cisco 1921 is configured with G0/0 being the LAN-side connection with IP 10.23.10.1.  The G0/1 interface is set up to simulate the eventual cable modem connection.  Its static IP is 205.237.121.4.  I have confirmed that DHCP for LAN clients is working, and I've put in a default route and NAT for the Internet connectivity and confirmed these are working.

    The problem I'm having right now is getting any traffic to actually traverse the tunnel.  I followed the instructions here as a first step: https://doc.pfsense.org/index.php/IPsec_between_pfSense_and_Cisco_IOS    Even then, I needed to make a couple of tweaks to get it to come up.  According to pfSense the tunnel is established, but I can't ping anything through it.

    I am attaching the current config of the Cisco 1921 and screenshots of the phase 1 & 2 on the pfSense box.  I certainly hope someone can tell me what I'm doing wrong because I need to get this working in the next couple of days!









    Cisco1921.txt

    0

  • The bitmask on the Cisco doesn't match the subnet specified on pfSense. 10.0.0.0/13 should be 10.0.0.0 0.7.255.255 on your access-list.

    0
  • B

    Thanks!  Been so busy today I didn't have a chance to write and say that I'd done that, but the tunnel still didn't appear to be working, but then we disabled and re-enabled it on a whim and then it suddenly decided to start working!

    Sometimes it's finding these solutions that can be maddening and at the same time, have you cheering out loud in your cube.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy