Yes I know that link and I checked my config and seems to be ok. The cisco side is:
crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 3600 crypto isakmp key xxxxxxxx address 11.22.33.44 no-xauth crypto isakmp invalid-spi-recovery crypto isakmp keepalive 10 ! ! crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac ! crypto map PFSVPN 15 ipsec-isakmp description VPN IPSEC contra PFSense FW1 set peer 11.22.33.44 set security-association lifetime seconds 28800 set transform-set 3DES-SHA set pfs group2 match address 100 and in the pfsense side... under Phase 1 proposal (Authentication) I have 28800 seconds as lifetime under Phase 2 proposal (SA/Key Exchange) I have 3600 seconds as lifetime I don't see clearly if those values are correct located against my cisco configuration. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
