    Cisco 800 ADSL router IPSEC VPN to PFSense

    • P
      pwallace10 last edited by

      Hi

      I have a site-to-site VPN running from home to my wife's work between two Cisco 800 ADSL routers. It works perfectly, but I have now moved the work Internet access to a fibre connection (PPPoE) that terminates on a pfSense firewall.

      I want to move the IPsec VPN so that it now runs from the Cisco 800 at home to the pfSense firewall. I have searched and found some articles, but none that are specific to Cisco 800 routers. I found one that is for an ASA, but the IPsec seems very different.

      Has anyone done this successfully? Do you have a setup document that you can share?

      regards

      Peter

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Anything detailing IOS should work with the Cisco 800. Yes, ASA/PIX are different.

        It's just IPSec. What versions of IOS/pfSense are you talking about?

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • P
          pwallace10 last edited by

          Hi
          The router version is 12.4(24)T6; the pfSense box is 2.2.5-RELEASE (i386).

          On the Cisco I just changed the remote host, since I already had the VPN configured to run to a Cisco 800 on the remote side. This is the config on the home side now:

          ```
          crypto isakmp policy 1
           encr 3des
           hash md5
           authentication pre-share
           group 2
          crypto isakmp key "superkey" hostname "officesite".dyndns.org
          !
          crypto ipsec transform-set TS esp-3des esp-md5-hmac
          !
          crypto map vpn-to-hq 10 ipsec-isakmp
           set peer "officesite".dyndns.org dynamic
           set transform-set TS
           match address VPN-TRAFFIC
          !
          ip access-list extended VPN-TRAFFIC
           permit ip 192.168.2.0 0.0.0.255 10.1.0.0 0.0.3.255
          !
          access-list 100 deny  ip 192.168.2.0 0.0.0.255 10.1.0.0 0.0.3.255
          access-list 100 permit ip 192.168.2.0 0.0.0.255 any
          ```

          Attached are the pfSense screens. If this is correct, then I possibly have a rule problem.

          ![VPN_ IPsec_ Edit Phase 1.jpg](/public/imported_attachments/1/VPN_ IPsec_ Edit Phase 1.jpg)
          ![VPN_ IPsec_ Edit Phase 2.jpg](/public/imported_attachments/1/VPN_ IPsec_ Edit Phase 2.jpg)

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Looking at it briefly I think you should look at the peer identification. It looks like the 800 is set to FQDN and pfSense is set to IP addresses.

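A pre-flight check for the identifier mismatch suggested in the reply above, as an added example that is not part of the original thread: it parses the posted IOS phase 1 lines and compares them with a dictionary of far-end settings. The far-end values and the names `FAR_END`, `parse_ios_phase1` and `mismatches` are assumptions made for illustration; the actual pfSense settings are only in the attached screenshots.

```python
import re

# Home-side IOS lines as posted in the thread (placeholders kept, indentation already lost).
IOS_CONFIG = """\
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key "superkey" hostname "officesite".dyndns.org
crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Constructed far-end values (assumption): the real pfSense settings are only in the screenshots.
FAR_END = {"encr": "3des", "hash": "md5", "authentication": "pre-share",
           "group": "2", "peer_id_type": "address"}

POLICY_KEYS = {"encr": "encr", "encryption": "encr", "hash": "hash",
               "authentication": "authentication", "group": "group"}
# Optional 0/6 key-type digit, then the key, then how the peer is named.
KEY_LINE = re.compile(r"^crypto isakmp key (?:[06] )?\S+ (hostname|address) \S+")


def parse_ios_phase1(config):
    """Extract ISAKMP policy fields and how the pre-shared key line names the peer."""
    found, in_policy = {}, False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[:3] == ["crypto", "isakmp", "policy"]:
            in_policy = True
        elif in_policy and words[0] in POLICY_KEYS and len(words) > 1:
            found[POLICY_KEYS[words[0]]] = words[1]
        else:
            in_policy = False  # any other command ends the policy block
            match = KEY_LINE.match(raw.strip())
            if match:
                found["peer_id_type"] = match.group(1)
    return found


def mismatches(local, remote):
    """Return (field, local_value, remote_value) for every field that differs."""
    return [(k, local.get(k), remote.get(k))
            for k in sorted(set(local) | set(remote))
            if local.get(k) != remote.get(k)]


if __name__ == "__main__":
    for field, ours, theirs in mismatches(parse_ios_phase1(IOS_CONFIG), FAR_END):
        print(f"{field}: IOS={ours} far end={theirs}")
```
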
            • P
              pwallace10 last edited by

              I have this working; I will post the configs for anyone's reference.
