Cisco 800 ADSL router IPSEC VPN to PFSense

  • Hi

    I have a site-to-site VPN running from home to my wife's work between two Cisco 800 ADSL routers. It works perfectly, but I have now moved the work Internet access to a fibre connection that terminates on a PFSense firewall (PPPoE).

    I want to move the IPSEC VPN so that it now runs from the Cisco 800 at home to the PF Sense firewall. I have searched and found some articles, but none that are specific to Cisco 800 routers; I found one that is for an ASA, but the IPSEC seems very different.

    Has anyone done this successfully? Do you have a setup document that you can share?



  • LAYER 8 Netgate

    Anything detailing IOS should work with the Cisco 800. Yes, ASA/PIX are different.

    It's just IPSec. What versions of IOS/pfSense are you talking about?

  • Hi
    The Router version is Version 12.4(24)T6, the PFSense box is 2.2.5-RELEASE (i386)

    On the Cisco I just changed the remote host, since I already had the VPN configured to run to a Cisco 800 on the remote side. This is the config on the home side now:

    ```
    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key "superkey" hostname "officesite"

    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    crypto map vpn-to-hq 10 ipsec-isakmp
     set peer "officesite" dynamic
     set transform-set TS
     match address VPN-TRAFFIC

    ip access-list extended VPN-TRAFFIC
     permit ip

    access-list 100 deny  ip
    access-list 100 permit ip any
    ```

    Attached are the PFsense screens. If this is correct, then I possibly have a rule problem.

    ![VPN_ IPsec_ Edit Phase 1.jpg](/public/imported_attachments/1/VPN_ IPsec_ Edit Phase 1.jpg)
    ![VPN_ IPsec_ Edit Phase 2.jpg](/public/imported_attachments/1/VPN_ IPsec_ Edit Phase 2.jpg)

  • LAYER 8 Netgate

    Looking at it briefly I think you should look at the peer identification. It looks like the 800 is set to FQDN and pfSense is set to IP addresses.
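
The peer-identification check suggested above, as an added example that is not part of the thread or of either product: it parses the Phase 1 lines from the posted IOS config and compares them with the other side's settings, also flagging proposal values Cisco no longer recommends (3DES, MD5, DH groups 1, 2 and 5). The `PFSENSE_P1` values, the address `203.0.113.10` and the `my_id_type`/`my_id` field names are assumptions standing in for the screenshots.

```python
import re

# Phase 1 lines from the post above (peer names are the poster's placeholders).
IOS_CONFIG = '''
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key "superkey" hostname "officesite"
'''

# Constructed stand-in for the pfSense Phase 1 screen (not taken from the
# thread): a peer that identifies itself by IP address. Field names are hypothetical.
PFSENSE_P1 = {"encr": "3des", "hash": "md5", "group": "2",
              "authentication": "pre-share",
              "my_id_type": "address", "my_id": "203.0.113.10"}

WEAK = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}

def parse_ios_phase1(text):
    """Return policy settings plus how the pre-shared key expects the peer to identify."""
    p1 = {}
    for line in text.splitlines():
        m = re.match(r'\s*(encr|encryption|hash|authentication|group)\s+(\S+)', line)
        if m:
            key = "encr" if m.group(1).startswith("encr") else m.group(1)
            p1[key] = m.group(2)
        m = re.match(r'\s*crypto isakmp key \S+ (address|hostname) "?([^"\s]+)"?', line)
        if m:
            p1["peer_id_type"], p1["peer_id"] = m.group(1), m.group(2)
    return p1

def compare(ios, peer):
    """List Phase 1 mismatches and weak proposal values."""
    issues = []
    for k in ("encr", "hash", "group", "authentication"):
        if ios.get(k) != peer.get(k):
            issues.append(f"mismatch {k}: IOS={ios.get(k)} peer={peer.get(k)}")
        if ios.get(k) in WEAK.get(k, ()):
            issues.append(f"weak {k}: {ios[k]}")
    if (ios.get("peer_id_type"), ios.get("peer_id")) != (peer["my_id_type"], peer["my_id"]):
        issues.append(f"identifier: IOS expects {ios.get('peer_id_type')} "
                      f"{ios.get('peer_id')}, peer sends {peer['my_id_type']} {peer['my_id']}")
    return issues

if __name__ == "__main__":
    for issue in compare(parse_ios_phase1(IOS_CONFIG), PFSENSE_P1):
        print(issue)
```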

  • I have this working; will post the configs for anyone's reference.
