pfSense English Support > IPsec

ipsec phase 2 not working


irs:
I am trying to fix this but still cannot understand how I can fix Phase 2. Can anyone please help?

 but not Phase 2. Make sure your access list matches exactly the opposite of ours. Check your other P2 parameters.
>>>
>>> Crypto Map IPv4 "VPN" 49 ipsec-isakmp
>>> Description:  Center
>>> Peer = static ip address
>>> Extended IP access list acl-vpn-NJB
>>> access-list acl-vpn-NJB permit ip host 172.17.0.254 172.17.7.0 0.0.0.255
>>> access-list acl-vpn-NJB permit ip host 172.17.0.4 172.17.7.0 0.0.0.255
>>> access-list acl-vpn-NJB permit ip host 172.17.0.51 172.17.7.0 0.0.0.255
>>> Current peer: same static IP address as above
>>> Security association lifetime: 4608000 kilobytes/3600 seconds
>>> Responder-Only (Y/N): N
>>> PFS (Y/N): Y
>>> DH group: group2
>>> Mixed-mode : Disabled
>>> Transform sets={
>>> vpn-aes128-sha: { esp-aes esp-sha-hmac } ,


Derelict:
What is not working?

What is in the logs?

How is the pfSense side set up?

irs:
IKE Phase 1

Key Negotiation Type:  ISAKMP
Encryption:            AES (128-bit)
Authentication:        SHA1
Key Group:             Diffie-Hellman
SA Life Time:          86400
Mode Exchange:         Main
Shared Key Prefix:     self generated

IPsec Phase 2

Type:                  ESP (encapsulating
Authentication:        SHA1
Encryption:            AES (128-bit)
Perfect Forward:       Diffie-Hellman
SA Life:               3600
SA Life Kilobytes:     4608000

IP                     Netblock/Host
192.168.1.254/32       192.168.1.0/24
192.168.1.4/32
192.168.1.4.54/32

Inbound Ports
ALL
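The remote admin's instruction in the first post ("make sure your access list matches exactly the opposite of ours") is a mechanical check, so here is a small script that performs it. This is an added example, not code from the thread, from pfSense or from Cisco. It parses Cisco `access-list ... permit ip ...` lines (the `host`, `any` and `address wildcard` forms) into source/destination selector pairs, swaps them to get the local/remote pairs pfSense would need, and reports which Phase 2 entries are missing, which are extra and which do not even parse. The sample inputs are constructed from the values quoted in the two posts above; reading the pfSense table as "each local host pairs with the single remote network listed" is an assumption, and the function and field names are this example's own.

```python
"""Check that pfSense Phase 2 entries mirror a Cisco crypto-map ACL.

Added example (not from the thread, pfSense or Cisco). For IKEv1 the
Cisco side negotiates one IPsec SA per ACL line, so pfSense needs one
Phase 2 entry per line whose local/remote networks are the exact swap
of that line's destination/source.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    local: ipaddress.IPv4Network   # this side's network (Cisco: ACL source)
    remote: ipaddress.IPv4Network  # the peer's network (Cisco: ACL destination)


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert Cisco 'addr wildcard' notation to a network (0.0.0.255 -> /24)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # the set bits must be one contiguous run at the low end
        raise ValueError(f"non-contiguous wildcard mask {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=True)


def _take_selector(tokens, i):
    """Consume one Cisco address selector at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(f"{tokens[i + 1]}/32"), i + 2
    return wildcard_to_network(tokens[i], tokens[i + 1]), i + 2


def parse_cisco_acl(text: str) -> list[Selector]:
    """Return Selector(local=src, remote=dst) for every 'access-list <name> permit ip' line.
    Leading '>' quote markers, as in a forum paste, are ignored."""
    pairs = []
    for line in text.splitlines():
        t = line.strip().lstrip("> ").split()
        if len(t) < 5 or t[0] != "access-list" or t[2:4] != ["permit", "ip"]:
            continue
        src, i = _take_selector(t, 4)
        dst, _ = _take_selector(t, i)
        pairs.append(Selector(local=src, remote=dst))
    return pairs


def mirror_of(cisco: list[Selector]) -> set[Selector]:
    """What pfSense must configure: swap the two sides of every Cisco ACL entry."""
    return {Selector(local=s.remote, remote=s.local) for s in cisco}


def parse_pfsense_p2(entries):
    """Parse pfSense (local, remote) strings; return (valid set, list of bad entries)."""
    good, bad = set(), []
    for local, remote in entries:
        try:
            good.add(Selector(ipaddress.ip_network(local, strict=True),
                              ipaddress.ip_network(remote, strict=True)))
        except ValueError as exc:
            bad.append((local, remote, str(exc)))
    return good, bad


def check_mirror(cisco_acl: str, pfsense_entries) -> dict:
    """Compare both sides. 'missing' = needed on pfSense but absent,
    'extra' = on pfSense but with no Cisco counterpart, 'invalid' = unparsable."""
    expected = mirror_of(parse_cisco_acl(cisco_acl))
    actual, invalid = parse_pfsense_p2(pfsense_entries)
    return {
        "missing": sorted(expected - actual, key=str),
        "extra": sorted(actual - expected, key=str),
        "invalid": invalid,
    }


# Constructed sample: the Cisco ACL quoted in the first post.
CISCO_ACL = """\
>>> access-list acl-vpn-NJB permit ip host 172.17.0.254 172.17.7.0 0.0.0.255
>>> access-list acl-vpn-NJB permit ip host 172.17.0.4 172.17.7.0 0.0.0.255
>>> access-list acl-vpn-NJB permit ip host 172.17.0.51 172.17.7.0 0.0.0.255
"""

# Constructed sample: the pfSense Phase 2 table from the second post as
# (local, remote) pairs. Assumption: each local host pairs with the one
# remote network listed. The third entry is kept verbatim to show how an
# unparsable address is reported.
PFSENSE_P2 = [
    ("192.168.1.254/32", "192.168.1.0/24"),
    ("192.168.1.4/32", "192.168.1.0/24"),
    ("192.168.1.4.54/32", "192.168.1.0/24"),
]

if __name__ == "__main__":
    for key, items in check_mirror(CISCO_ACL, PFSENSE_P2).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

The script deliberately compares whole networks, not overlap: a pfSense entry of `192.168.1.0/24` against a Cisco `host` entry inside it is still a selector mismatch for IKEv1, because the Quick Mode proxy IDs have to agree exactly. Non-contiguous wildcard masks are rejected rather than silently rounded, since they cannot be expressed as a single pfSense network anyway.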

irs:
Jan 31 09:35:40   charon      12[IKE] <con1000|21> activating new tasks
Jan 31 09:35:40   charon      12[IKE] <con1000|21> activating ISAKMP_DPD task
Jan 31 09:35:40   charon      12[ENC] <con1000|21> generating INFORMATIONAL_V1 request 71033770 [ HASH N(DPD) ]
Jan 31 09:35:40   charon      12[NET] <con1000|21> sending packet: from 98.xxx.xxx.xxx[500] to 64.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:35:40   charon      12[IKE] <con1000|21> activating new tasks
Jan 31 09:35:40   charon      12[IKE] <con1000|21> nothing to initiate
Jan 31 09:35:40   charon      12[NET] <con1000|21> received packet: from 64.xxx.xxx.xxx[500] to 98.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:35:40   charon      12[ENC] <con1000|21> parsed INFORMATIONAL_V1 request 422502870 [ HASH N(DPD_ACK) ]
Jan 31 09:35:40   charon      12[IKE] <con1000|21> activating new tasks
Jan 31 09:35:40   charon      12[IKE] <con1000|21> nothing to initiate
Jan 31 09:35:44   charon      06[CFG] vici client 49 connected
Jan 31 09:35:44   charon      13[CFG] vici client 49 registered for: list-sa
Jan 31 09:35:44   charon      13[CFG] vici client 49 requests: list-sas
Jan 31 09:35:44   charon      13[CFG] vici client 49 disconnected
Jan 31 09:35:49   charon      14[CFG] vici client 50 connected
Jan 31 09:35:49   charon      06[CFG] vici client 50 registered for: list-sa
Jan 31 09:35:49   charon      14[CFG] vici client 50 requests: list-sas
Jan 31 09:35:49   charon      14[CFG] vici client 50 disconnected
Jan 31 09:35:50   charon      14[IKE] <con1000|21> sending DPD request
Jan 31 09:35:50   charon      14[IKE] <con1000|21> queueing ISAKMP_DPD task
Jan 31 09:35:50   charon      14[IKE] <con1000|21> activating new tasks
Jan 31 09:35:50   charon      14[IKE] <con1000|21> activating ISAKMP_DPD task
Jan 31 09:35:50   charon      14[ENC] <con1000|21> generating INFORMATIONAL_V1 request 3516362738 [ HASH N(DPD) ]
Jan 31 09:35:50   charon      14[NET] <con1000|21> sending packet: from 98.xxx.xxx.xxx[500] to 64.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:35:50   charon      14[IKE] <con1000|21> activating new tasks
Jan 31 09:35:50   charon      14[IKE] <con1000|21> nothing to initiate
Jan 31 09:35:50   charon      14[NET] <con1000|21> received packet: from 64.xxx.xxx.xxx[500] to 98.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:35:50   charon      14[ENC] <con1000|21> parsed INFORMATIONAL_V1 request 472707021 [ HASH N(DPD_ACK) ]
Jan 31 09:35:50   charon      14[IKE] <con1000|21> activating new tasks
Jan 31 09:35:50   charon      14[IKE] <con1000|21> nothing to initiate
Jan 31 09:35:54   charon      13[CFG] vici client 51 connected
Jan 31 09:35:54   charon      13[CFG] vici client 51 registered for: list-sa
Jan 31 09:35:54   charon      05[CFG] vici client 51 requests: list-sas
Jan 31 09:35:54   charon      13[CFG] vici client 51 disconnected
Jan 31 09:35:59   charon      13[CFG] vici client 52 connected
Jan 31 09:35:59   charon      10[CFG] vici client 52 registered for: list-sa
Jan 31 09:35:59   charon      10[CFG] vici client 52 requests: list-sas
Jan 31 09:35:59   charon      10[CFG] vici client 52 disconnected
Jan 31 09:36:00   charon      10[IKE] <con1000|21> sending DPD request
Jan 31 09:36:00   charon      10[IKE] <con1000|21> queueing ISAKMP_DPD task
Jan 31 09:36:00   charon      10[IKE] <con1000|21> activating new tasks
Jan 31 09:36:00   charon      10[IKE] <con1000|21> activating ISAKMP_DPD task
Jan 31 09:36:00   charon      10[ENC] <con1000|21> generating INFORMATIONAL_V1 request 3870667372 [ HASH N(DPD) ]
Jan 31 09:36:00   charon      10[NET] <con1000|21> sending packet: from 98.xxx.xxx.xxx[500] to 64.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:36:00   charon      10[IKE] <con1000|21> activating new tasks
Jan 31 09:36:00   charon      10[IKE] <con1000|21> nothing to initiate
Jan 31 09:36:00   charon      10[NET] <con1000|21> received packet: from 64.xxx.xxx.xxx[500] to 98.xxx.xxx.xxx[500] (92 bytes)
Jan 31 09:36:00   charon      10[ENC] <con1000|21> parsed INFORMATIONAL_V1 request 483150185 [ HASH N(DPD_ACK) ]
Jan 31 09:36:00   charon      10[IKE] <con1000|21> activating new tasks
Jan 31 09:36:00   charon      10[IKE] <con1000|21> nothing to initiate

irs:
Phase 2 is not working.
