Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1035
Views
0
Helpful
9
Replies

Connecting peer to peer pfsesnse cisco router IPSEC

bronzenetworker
Level 1
Level 1

‎05-24-2024 05:55 AM

I get this error after setting up a ipsec connection with my router and pfsense firewall

ICU4-ROUTER-01#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
10.2.128.50 10.2.66.52 MM_NO_STATE 0 ACTIVE (deleted)

IPv6 Crypto ISAKMP SA

10.2.128.50 is the router WAN

10.2.66.52 is the WAN interface of the firewall

The idea is to connect a cloud environment with a office site network.

Shortly after the connection gets deleted, how do i solve this problem.

To setup the configuration i used this guide: https://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html

 

Labels:
0 Helpful
9 Replies 9

Mark Elsen
Hall of Fame
Hall of Fame

‎05-24-2024 06:11 AM

 

 -  Review these bug reports : https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&kw=MM_NO_STATE&bt=custV&sb=anfr

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

MHM Cisco World
VIP
VIP

‎05-24-2024 06:15 AM

Can you share router config 

MHM

0 Helpful

bronzenetworker
Level 1
Level 1
In response to MHM Cisco World

‎05-24-2024 07:16 AM

You need the complete, show running-config ?

0 Helpful

MHM Cisco World
VIP
VIP
In response to bronzenetworker

‎05-24-2024 07:24 AM

Yes' 

And 

Debug crypto isakmp 

MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎05-29-2024 03:33 AM

Sorry  I still wating ?

can you share the config to check it 

thanks

MHM

0 Helpful

bronzenetworker
Level 1
Level 1
In response to MHM Cisco World

‎05-29-2024 05:31 AM

I had nat inside to outside. I turned it off now since, I want the other firewall to do nat for me. But the problem is that my ipsec tunnel that I have established doesnt send network traffic through the tunnel.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to bronzenetworker

‎05-29-2024 05:37 AM

Thanks for more detail 

Two issue I see

1- you need to exclude encrypt traffic from NAT 

Check this link

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14132-ios-D.html

2- there is hsrp are you sure the traffic pass correctly through this router' i.e. this router is hsrp active?

Also are Peer is config to deal with two endpoint not one?

MHM

0 Helpful

bronzenetworker
Level 1
Level 1
In response to MHM Cisco World

‎05-29-2024 05:53 AM

I tried to share the config, for some reason i cant post it in the forum.

0 Helpful

MHM Cisco World
VIP
VIP
In response to bronzenetworker

‎05-29-2024 05:56 AM

No need I take look of config' and I notice two points I list above.

Check it

MHM

0 Helpful
Customers Also Viewed These Support Documents