Try to use aggressive mode on both ends. Also try to set up different 
identifiers (like a combination of UFQDN and passkeyphrase). It looks to me like 
there is a problem with the identifier. Is one of the ends behind another NAT? 
Also, what version are you running?

Holger

> -----Original Message-----
> From: cmaurand [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 18, 2006 5:28 PM
> To: support@pfsense.com
> Subject: [pfSense Support] pfsense to netgear ipsec vpn
> 
> 
> Hello,
>   I'm a relative newbie to ipsec on pfsense.  I'm trying to establish an
> ipsec vpn connection to a netgear FVS124G.  I already have a connection
> going to a sonicwall and that runs fine.
> 
> The configuration on the pfsense is
> 
>       remote ip address PSK = <the key> and they match
>       Interface = WAN (and it's my primary address)
>       Local Subnet = LAN Subnet
>       remote subnet = 192.168.1.0/24
>       remote gateway = <remote ip address>
>       Description = Charlotte Corporate
> 
> Phase 1
>       Negotiation mode = main
>       My identifier = My IP address
>       Encryption algorithm = 3DES
>       Hash algorithm = SHA1
>       DH Key group = 2 (1024 bit)
>       lifetime = 86400
>       Authentication Method = Pre-Shared Key
>       Pre-Shared Key = <my psk>
> 
> Phase 2 (SA/Key Exchange)
>       Protocol = ESP
>       Encryption Algorithms = 3DES
>       Hash Algorithm = SHA1
>       PFS key group = 2 (1024 bit)
>       Lifetime = 28800
> 
> On the Netgear IKE Policy
>       General
>               name = pwmtest
>               Direction/Type = Both Directions
>               Exchange Mode = Main Mode
>       Local
>               Select Local Gateway = Wan1 (69.whatever)
>               Local Identity type = WAN IP Address
> 
>       Remote
>               Remote Host Configuration Record = None
>               Remote Identity Type = WAN IP
>       
>       IKE SA Parameters
>               Encryption Algorithm = 3DES
>               Authentication Algorithm = SHA1
>               Authentication Method = Pre-shared Key
>                       <my key>
>               Diffie-Hellman (DH) Group = Group 2 (1024 bit)
>               SA Life Time = 28800
> 
> On the Netgear VPN Policy
>       General
>               Policy Name = pwmtest
>               IKE Policy = pwmtest
>               Remote VPN Endpoint Type = IP Address
>               Remote VPN Endpoint IP Address = <my ip address>
>       Traffic Selector
>               Local IP = Subnet address
>                       Start IP address = 192.168.1.0
>                       Finish IP Address = N/A
>                       Subnet Mask = 255.255.255.0
>               Remote IP = Subnet address
>                       Start IP Address = 10.0.0.0
>                       Finish IP Address = n/a
>                       Subnet Mask = 255.255.252.0
> 
>       AH Configuration = unchecked
> 
>       ESP Configuration
>               Enable Encryption = checked = 3DES
>               Enable Authentication = checked = SHA-1
> 
> 
> From the pfsense I get: (some lines wrapped)
> 
> racoon: INFO: respond new phase 1 negotiation: <local wan
> ip>[500]<=><remote wan ip>[500]
> racoon: ERROR: not acceptable Identity Protection mode
> racoon: ERROR: not acceptable Identity Protection mode
> 
> Thanks in advance
> 
> -- 
> Curtis Maurand
> Senior Network & Systems Engineer
> BlueTarp Financial, Inc.
> 443 Congress St.
> 6th Floor
> Portland, ME 04101
> 207.797.5900 x233 (office)
> 207.797.3833    (fax)
> mailto:[EMAIL PROTECTED]
> http://www.bluetarp.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
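Added example, not part of the original thread: a Python check that normalizes the Phase 1 settings posted for both ends and reports the fields that differ. The label-to-field mapping and the function names are assumptions made for this example, and the identifier lines are left out.

```python
import re

# Phase 1 settings transcribed from the post (identifier lines omitted).
PFSENSE_PHASE1 = """Negotiation mode = main
Encryption algorithm = 3DES
Hash algorithm = SHA1
DH Key group = 2 (1024 bit)
lifetime = 86400
Authentication Method = Pre-Shared Key"""
NETGEAR_IKE = """Exchange Mode = Main Mode
Encryption Algorithm = 3DES
Authentication Algorithm = SHA1
Authentication Method = Pre-shared Key
Diffie-Hellman (DH) Group = Group 2 (1024 bit)
SA Life Time = 28800"""

# Assumed mapping of each GUI label to a common field name.
LABELS = {
    "negotiation mode": "mode", "exchange mode": "mode",
    "encryption algorithm": "encryption", "authentication method": "auth",
    "hash algorithm": "hash", "authentication algorithm": "hash",
    "dh key group": "dh_group", "diffie-hellman (dh) group": "dh_group",
    "lifetime": "lifetime", "sa life time": "lifetime",
}

def normalize(field, value):
    v = value.strip().lower()
    if field == "mode":
        return v.replace(" mode", "")          # "main mode" -> "main"
    if field == "dh_group":
        return re.search(r"\d+", v).group()    # "group 2 (1024 bit)" -> "2"
    return v.replace("-", "") if field == "hash" else v

def parse(text):
    out = {}
    for line in text.splitlines():
        label, sep, value = line.partition("=")
        field = LABELS.get(label.strip().lower())
        if sep and field:                      # skip lines without "=" or unknown labels
            out[field] = normalize(field, value)
    return out

def mismatches(a, b):
    pa, pb = parse(a), parse(b)
    return {f: (pa.get(f), pb.get(f))
            for f in sorted(set(pa) | set(pb)) if pa.get(f) != pb.get(f)}

if __name__ == "__main__":
    print(mismatches(PFSENSE_PHASE1, NETGEAR_IKE))
```

On the values posted, the only difference it reports is the Phase 1 lifetime: 86400 on the pfSense side and 28800 on the Netgear.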
