It definitely works; we use it. Send your XML for IPsec and I could help you. It's a little hard for me to understand the Cisco config.
Maybe you could provide a detailed explanation of what exactly you are trying to do.

> -----Original Message-----
> From: Jan Ślusarczyk [mailto:[EMAIL PROTECTED]
> Sent: 24 October 2005 20:18
> To: [email protected]
> Subject: [pfSense-discussion] IPSEC tunnel, external address
>
> Is it possible to tunnel an outside IP through the IPSec on pfSense?
>
> I've had the following configuration on my PIX:
>
> Remote side:
> Tunnel target was public address X.X.2.67
> Tunnel gateway was public address X.X.102.135
>
> Local side:
> Tunnel gateway (Cisco PIX): Public address Y.Y.75.186
> Tunnel target: Public address Y.Y.75.190 redirected statically from inside
> 192.168.6.190. This was done so, because my inside network addresses would
> overlap with subnet configured on the remote device.
>
> It worked pretty well, although the setup was a little counterintuitive for
> me. I've tried to replicate this setup with pfSense and the Tunnel starts
> fine, but the inside host 192.168.6.190 (NATed 1:1 and with Virtual IP)
> doesn't use the channel when contacting the remote address X.X.2.67...
>
> Below is a stripped configuration from PIX...
>
> Regards
> Jan
>
>
> name X.X.96.67 Plus2
> name X.X.X.190 IPSecZewn
>
> access-list ipsec-pogram permit ip host IPSecZewn host Plus1
> access-list ipsec-pogram permit ip host IPSecZewn host Plus2
> access-list ipsec-pogram permit ip host IPSecZewn host Plus3
>
> static (inside,outside) IPSecZewn Serwer1_190 netmask 255.255.255.255 0 0
>
> static (inside,outside) X.X.X.184 Serwer1_184 netmask 255.255.255.255 0 0
>
> crypto ipsec transform-set plus-3des-sha esp-3des esp-sha-hmac
>
> crypto map internet 820 ipsec-isakmp
> crypto map internet 820 match address ipsec-pogram
> crypto map internet 820 set pfs group2
> crypto map internet 820 set peer X.X.102.235
> crypto map internet 820 set transform-set plus-3des-sha
>
> isakmp enable outside
> isakmp key ******* address X.X.102.235 netmask 255.255.255.255 no-xauth no-config-mode
>
> isakmp identity address
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption des
> isakmp policy 10 hash md5
> isakmp policy 10 group 2
> isakmp policy 10 lifetime 86400
> isakmp policy 20 authentication pre-share
> isakmp policy 20 encryption 3des
> isakmp policy 20 hash md5
> isakmp policy 20 group 2
> isakmp policy 20 lifetime 86400
> isakmp policy 30 authentication pre-share
> isakmp policy 30 encryption 3des
> isakmp policy 30 hash sha
> isakmp policy 30 group 2
> isakmp policy 30 lifetime 86400
