
Topic: IPsec connect to Cisco but cannot ping each other


Posted by irs on January 01, 2018, 11:22:02 pm
I have built IPsec connectivity between a Cisco and two pfSense boxes. The connection shows Connected, but they cannot ping each other.

I am also running OpenVPN on the same pfSense between the two locations; it is connected and running fine.

I need to allow 192.168.1.254/32 and 192.168.1.4/32 to access my network through IPsec.

cat /var/etc/ipsec/ipsec.conf

 # This file is automatically generated. Do not edit
config setup
   uniqueids = yes

conn bypasslan
   leftsubnet = 10.1.7.0/24
   rightsubnet = 10.1.7.0/24
   authby = never
   type = passthrough
   auto = route

conn con1000
   fragmentation = yes
   keyexchange = ikev1
   reauth = yes
   forceencaps = no
   mobike = no

   rekey = yes
   installpolicy = yes
   type = tunnel
   dpdaction = restart
   dpddelay = 10s
   dpdtimeout = 60s
   auto = route
   left = 173.11.200.109
   right = 64.xxx.xxx.70
   leftid = 173.xxx.xxx.109
   ikelifetime = 86400s
   lifetime = 3600s
   ike = aes128-sha1-modp1024!
   esp = aes128-sha1-modp1024!
   leftauth = psk
   rightauth = psk
   rightid = 64.xxx.xxx.70
   aggressive = no
   rightsubnet = 192.168.1.0/24
   leftsubnet = 10.1.7.0/24

I don't know what I am missing.
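"Connected" in the pfSense status page only means the IKE and CHILD_SA negotiation succeeded; it says nothing about whether packets are actually selected into, or accepted out of, the tunnel. The quickest way to split the problem in half is strongSwan's own per-CHILD_SA byte counters, which pfSense exposes through `ipsec statusall`: traffic leaving but nothing returning points at the far (Cisco) side, traffic arriving but nothing leaving points at the local side (most often the firewall rules on pfSense's IPsec tab, which block everything until a rule is added, or a route that sends the reply out another interface such as the OpenVPN tunnel on the same box). The `===` line also shows the traffic selectors that were actually installed, which is what has to be compared against the Cisco crypto ACL when the Cisco is configured with /32 hosts and pfSense with a /24. The helper below is an added example, not part of the original post or of pfSense; it parses `ipsec statusall` output with awk. The sample output it runs on is constructed here for illustration (`con2000` and `198.51.100.7` are a hypothetical second peer; the addresses of `con1000` are taken from the post as written, redaction included).

```shell
#!/bin/sh
# Added diagnostic helper (not from the post or from pfSense): summarise every
# installed CHILD_SA in `ipsec statusall` output with its traffic selectors,
# byte counters in each direction, and a verdict on which side to look at.
#
# Usage on the firewall:   ipsec statusall | ipsec_sa_report
# Usage on a saved copy:   ipsec_sa_report < statusall.txt
ipsec_sa_report() {
    awk '
    # A CHILD_SA starts with:  con1000{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ...
    $2 == "INSTALLED," {
        sa = $1; sub(/:$/, "", sa)          # "con1000{1}:" -> "con1000{1}"
        order[++n] = sa; bi[sa] = "?"; bo[sa] = "?"; sel[sa] = "?"
        next
    }
    # Counter line:  con1000{1}:  AES_CBC_128/HMAC_SHA1_96/MODP_1024, 0 bytes_i, 1260 bytes_o (15 pkts, 3s ago), ...
    sa != "" && $1 == (sa ":") && / bytes_i/ {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^bytes_i/) bi[sa] = $(i - 1)
            if ($i ~ /^bytes_o/) bo[sa] = $(i - 1)
        }
        next
    }
    # Selector line:  con1000{1}:   10.1.7.0/24 === 192.168.1.0/24
    sa != "" && $1 == (sa ":") && / === / {
        line = $0; sub(/^[^:]*:[ \t]*/, "", line)
        sel[sa] = line
        next
    }
    END {
        for (k = 1; k <= n; k++) {
            s = order[k]
            if (bi[s] + 0 == 0 && bo[s] + 0 == 0)
                v = "no traffic either way: check local IPsec-tab firewall rules, routing and selectors"
            else if (bi[s] + 0 == 0)
                v = "nothing received: far side (crypto ACL, routing, firewall) is not replying"
            else if (bo[s] + 0 == 0)
                v = "nothing sent: local side (IPsec-tab rules, route via another interface, selector mismatch)"
            else
                v = "traffic both ways"
            printf "%s  %s  bytes_i=%s bytes_o=%s  %s\n", s, sel[s], bi[s], bo[s], v
        }
    }'
}

# Constructed sample of `ipsec statusall` output (strongSwan 5.x layout as used by pfSense).
# con1000 mirrors the post; con2000 / 198.51.100.7 is a hypothetical second peer.
SAMPLE_STATUSALL='Status of IKE charon daemon (strongSwan 5.6.1, FreeBSD 11.1-RELEASE-p6, amd64):
  uptime: 42 minutes, since Jan 01 23:01:13 2018
Listening IP addresses:
  173.11.200.109
  10.1.7.1
Connections:
     con1000:  173.11.200.109...64.xxx.xxx.70  IKEv1, dpddelay=10s
     con1000:   local:  [173.xxx.xxx.109] uses pre-shared key authentication
     con1000:   remote: [64.xxx.xxx.70] uses pre-shared key authentication
     con1000:   child:  10.1.7.0/24 === 192.168.1.0/24 TUNNEL, dpdaction=restart
Shunted Connections:
   bypasslan:  10.1.7.0/24 === 10.1.7.0/24 PASS
Security Associations (2 up, 0 connecting):
     con1000[1]: ESTABLISHED 41 minutes ago, 173.11.200.109[173.xxx.xxx.109]...64.xxx.xxx.70[64.xxx.xxx.70]
     con1000[1]: IKEv1 SPIs: 1a2b3c4d5e6f7081_i* 8f7e6d5c4b3a2910_r, pre-shared key reauthentication in 23 hours
     con1000[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
     con1000{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1d2e3f4_i 0a1b2c3d_o
     con1000{1}:  AES_CBC_128/HMAC_SHA1_96/MODP_1024, 0 bytes_i, 1260 bytes_o (15 pkts, 3s ago), rekeying in 43 minutes
     con1000{1}:   10.1.7.0/24 === 192.168.1.0/24
     con2000[2]: ESTABLISHED 40 minutes ago, 173.11.200.109[173.xxx.xxx.109]...198.51.100.7[198.51.100.7]
     con2000{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: a9b8c7d6_i e5f4a3b2_o
     con2000{2}:  AES_CBC_128/HMAC_SHA1_96/MODP_1024, 8400 bytes_i (100 pkts, 1s ago), 8400 bytes_o (100 pkts, 1s ago), rekeying in 40 minutes
     con2000{2}:   10.1.7.0/24 === 10.2.0.0/24'

# Demo run on the constructed sample; on the firewall use:  ipsec statusall | ipsec_sa_report
printf '%s\n' "$SAMPLE_STATUSALL" | ipsec_sa_report
```

Run it while a ping is in progress so the counters move. In the constructed sample `con1000{1}` shows `bytes_o=1260 bytes_i=0`: the pfSense side is encapsulating the echo requests and the Cisco side never sends anything back, so the next place to look is the Cisco crypto ACL and the routing for 10.1.7.0/24 behind it, not pfSense. If the counters were reversed, the first thing to check would be the rules on the pfSense IPsec tab, and then `netstat -rn` to make sure 192.168.1.0/24 is not already reachable through the OpenVPN interface on the same box. Independently of the ping problem, the installed proposal (`AES_CBC_128/HMAC_SHA1_96/MODP_1024`) is what the posted `ike`/`esp` lines ask for; it works with old Cisco IOS defaults, but a 1024-bit MODP group and SHA1 are well below what a practitioner would pick for a new tunnel once connectivity is sorted out.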