I can't connect the IPsec when my pfSense connects to a Zyxel firewall!!!!



  • I can't connect the IPsec when my pfSense connects to a Zyxel firewall!!!!
    Is it a "My identifier" problem? Can I use "user FQDN"?

    pfSense side network IP: unknown (Dynamic IP)
    Zyxel side network IP: known (xxx.xxx.xxx.xxx)

    I use aggressive mode, I mark xxx.xxx.xxx.xxx on the pfsense.

    ZyXEL Config:
    Encryption Algorithm: 3DES
    Authentication Algorithm: MD5
    SA Life Time (Seconds): 28800
    Key Group: DH2
    Pre-Shared Key: it is the key
    Enable Replay Detection: Yes
    Enable Multiple Proposals: Yes

    pfsense Config:
    Encryption algorithm: 3DES
    Hash algorithm: MD5
    DH key group: 2
    Authentication method: Pre-shared Key
    Pre-Shared Key: it is the key
    Protocol: ESP
    Encryption algorithms: 3DES
    Hash algorithms: MD5
    PFS key group: 2

    PS: if the Zyxel connects to pfSense, using Aggressive mode and the same config, it is OK~~~



  • You should use an identifier other than IP for the pfSense end. However, this identifier has to be added to the Zyxel to identify/authenticate the connection. Check your Zyxel manpage for how to do this and what identifiers are supported.



  • Thank you for your answer!!!!
    Do I enter the Zyxel side network IP (xxx.xxx.xxx.xxx) in the "My identifier" of pfSense???



  • Don't use an IP address; it is dynamic. Try other identifier types.

