Problem establishing an IPSec VPN with SRP527W

maxxer.it
Level 1

Hi.

I've a configuration like this:

192.168.15.0/24 SRP527W <-> internet <-> ROUTER [172.16.16.1] <1:1 NAT> pfSense (racoon vpn server) [172.16.16.2] 192.168.55.0/24

I've configured a VPN connection between the SRP and pfSense, but the connection doesn't get established because of a phase 1 timeout. According to racoon, the remote side is not responding.

Before this, I correctly established a VPN between this SRP and another pfSense box, but with a public IP address. From the same host I have another VPN to the pfSense box (172.16.16.1) that is working correctly.

These are the settings on the SRP:

IKE Policy:

Exchange mode: aggressive

Enabled ID: Manual

Remote ID: 172.16.16.2

Encryption: 3DES

Authentication: MD5

DH Group: Group 2

PSK: mysharedkey

DPD: disabled

IPSec Policy:

Policy Type: auto policy

Remote endpoint: IP ADDRESS

IP: 172.16.16.2

SA Lifetime: 7800

Local and remote subnet setting according to the network setup above (192.168.x.x).

How can I check what's wrong? I've struggled for several hours now and haven't managed to sort it out yet! Any help is really welcome!

Thanks

Accepted Solutions

mpyhala
Level 7

Lorenzo,

Does the router at 172.16.16.1 allow all traffic to the pfsense VPN server when One-to-One NAT is enabled or do you have to create access rules? My guess is that the router is blocking the traffic.

- Marty


2 Replies

(Sorry, I wrongly marked the reply as correct, but it's not. Is it possible to undo?)

I have no control over the router at 172.16.16.1, but I've been told a 1:1 NAT has been applied.

To back that up, I have a working VPN configured to that host (but coming from another pfSense), so all forwards should be in place.