pfSense to Cisco IPSEC Tunnel

pfSense config



Cisco Config

Replace GigabitEthernet0/0 with your interface

Replace list 100 with your NAT list

Replace the key and IPs

Update the access list to reflect your subnets

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXX address no-xauth
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map PFSVPN 15 ipsec-isakmp
 set peer
 set transform-set 3DES-SHA
 set pfs group2
 match address encrypt-to-dc

interface GigabitEthernet0/0
 description WAN Interface
 crypto map PFSVPN

ip nat inside source list 100 interface GigabitEthernet0/0 overload

access-list 100 deny   ip
access-list 100 permit ip any

ip access-list extended encrypt-to-dc
 permit ip
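
An added example, not part of the original post: a small Python audit that reads IKE/IPsec lines like the ones above and reports legacy parameters, including a hash that is never written out and so falls back to the IOS default. The weak-algorithm sets, the default values and all names in the script are assumptions to check against your own baseline and IOS release.

```python
# Constructed sample: the IKE/IPsec lines of the config above (key, peer and ACL lines omitted).
SAMPLE = """\
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map PFSVPN 15 ipsec-isakmp
set transform-set 3DES-SHA
set pfs group2
"""
# Assumed audit baseline: legacy ciphers, MD5/SHA-1 ("sha" on IOS), MODP groups below 2048 bits.
WEAK = {"encr": {"des", "3des"}, "hash": {"md5", "sha"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}
# Assumption: classic IOS values used when a policy line is absent; confirm on your release.
DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
POLICY_CMDS = {"encr", "encryption", "hash", "group", "authentication", "lifetime"}

def audit(config):
    """Return (context, setting, origin) tuples for legacy IKE/IPsec parameters."""
    findings, policies, cur = [], {}, None
    for raw in config.splitlines():
        orig = raw.split()
        w = [t.lower() for t in orig]
        if not w:
            continue
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) > 3:
            cur = policies.setdefault(w[3], {})   # start collecting this policy's settings
        elif cur is not None and w[0] in POLICY_CMDS and len(w) > 1:
            cur["encr" if w[0] == "encryption" else w[0]] = w[1]
        else:
            cur = None   # any other command ends the policy block (indentation is not relied on)
            if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
                findings += [(f"transform-set {orig[3]}", t, "configured")
                             for t in w[4:] if t in WEAK_ESP]
            elif w[:2] == ["set", "pfs"] and len(w) > 2:
                if w[2].replace("group", "") in WEAK["group"]:
                    findings.append(("crypto map", f"pfs {w[2]}", "configured"))
    # Evaluate each policy, substituting the assumed default for settings never written out.
    for num, seen in policies.items():
        for key, default in DEFAULTS.items():
            value = seen.get(key, default)
            if value in WEAK[key]:
                findings.append((f"isakmp policy {num}", f"{key} {value}",
                                 "configured" if key in seen else "implicit default"))
    return findings
```

Calling `audit(SAMPLE)` returns one tuple per finding; whatever replaces a flagged value on the Cisco side has to be mirrored in the pfSense Phase 1 and Phase 2 settings or the tunnel will not negotiate.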