Hello,
  I'm a relative newbie to ipsec on pfsense.  I'm trying to establish an
 ipsec vpn connection to a netgear FVS124G.  I already have a connection
going to a sonicwall and that runs fine.

The configuration on the pfsense is

        remote ip address PSK = <the key> and they match
        Interface = WAN (and it's my primary address)
        Local Subnet = LAN Subnet
        remote subnet = 192.168.1.0/24
        remote gateway = <remote ip address>
        Description = Charlotte Corporate

Phase 1
        Negotiation mode = main
        My identifier = My IP address
        Encryption algorithm = 3DES
        Hash algorithm = SHA1
        DH Key group = 2 (1024 bit)
        lifetime = 86400
        Authentication Method = Pre-Shared Key
        Pre-Shared Key = <my psk>

Phase 2 (SA/Key Exchange)
        Protocol = ESP
        Encryption Algorithms = 3DES
        Hash Algorithm = SHA1
        PFS key group = 2 (1024 bit)
        Lifetime = 28800

On the Netgear IKE Policy
        General
                name = pwmtest
                Direction/Type = Both Directions
                Exchange Mode = Main Mode
        Local
                Select Local Gateway = Wan1 (69.whatever)
                Local Identity type WAN IP Address

        Remote
                Remote Host Configuration Record = None
                Remote Identity Type = WAN IP
        
        IKE SA Parameters
                Encryption Algorithm = 3DES
                Authentication Algorithm = SHA1
                Authentication Method = Pre-shared Key
                        <my key>
                Diffie-Hellman (DH) Group = Group 2 (1024 bit)
                SA Life Time = 28800

On the Netgear VPN Policy
        General
                Policy Name = pwmtest
                IKE Policy = pwmtest
                Remote VPN Endpoint Type = IP Address
                Remote VPN Endpoint IP Address = <my ip address>
        Traffic Selector
                Local IP = Subnet address
                        Start IP address = 192.168.1.0                          
                        Finish IP Address = N/A
                        Subnet Mask = 255.255.255.0
                Remote IP = Subnet address
                        Start IP Address = 10.0.0.0
                        Finish IP Address = n/a
                        Subnet Mask = 255.255.252.0

        AH Configuration = unchecked

        ESP Configuration
                Enable Encryption = checked = 3DES
                Enable Authentication = checked = SHA-1


From the pfsense I get: (some lines wrapped)

racoon: INFO: respond new phase 1 negotiation: <local wan
ip>[500]<=><remote wan ip>[500]
racoon: ERROR: not acceptable Identity Protection mode
racoon: ERROR: not acceptable Identity Protection mode

Thanks in advance

-- 
Curtis Maurand
Senior Network & Systems Engineer
BlueTarp Financial, Inc.
443 Congress St.
6th Floor
Portland, ME 04101
207.797.5900 x233 (office)
207.797.3833      (fax)
mailto:[EMAIL PROTECTED]
http://www.bluetarp.com
