pfSense to Cisco IPSEC Tunnel

pfSense config


Cisco Config

Replace GigabitEthernet0/0 with your WAN interface

Replace list 100 with your NAT list

Replace the key and IPs

Update the access lists to reflect your subnets

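! IKE phase 1 policy and pre-shared key for the pfSense peer
! (3DES and DH group 2 are legacy choices; whatever you use must match the pfSense side)
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXX address 1.2.3.4 no-xauth
!
! IPsec phase 2 transform set
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
! Crypto map: peer, transform set, PFS group and the ACL selecting tunnel traffic
crypto map PFSVPN 15 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set 3DES-SHA
 set pfs group2
 match address encrypt-to-dc
!

interface GigabitEthernet0/0
 description WAN Interface
 ...
 crypto map PFSVPN

! NAT: exempt (deny) tunnel traffic first, then translate everything else
ip nat inside source list 100 interface GigabitEthernet0/0 overload

access-list 100 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.20.0 0.0.0.255 any

! Traffic to encrypt
ip access-list extended encrypt-to-dc
 permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
!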
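
A consistency check for the replacements listed above, as an added example that is not part of the original post: it confirms that the crypto map peer has a matching pre-shared key entry and that the NAT list denies every flow in the crypto ACL before a permit entry can translate it. It assumes a numbered NAT access list and contiguous wildcard masks, as in the config above; the names `flow` and `check` are illustrative.

```python
import ipaddress
import re
# Constructed sample: the lines of the page's config that must agree with each other.
SAMPLE = """\
crypto isakmp key XXXX address 1.2.3.4 no-xauth
crypto map PFSVPN 15 ipsec-isakmp
 set peer 1.2.3.4
 match address encrypt-to-dc
ip nat inside source list 100 interface GigabitEthernet0/0 overload
access-list 100 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
ip access-list extended encrypt-to-dc
 permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
"""

def flow(spec):
    """Parse two ACL address specs ('any', 'host A' or 'A WILDCARD') into networks."""
    tokens, nets = spec.split(), []
    while len(nets) < 2:
        first = tokens.pop(0)
        if first == "any":
            first, bits = "0.0.0.0", 32
        elif first == "host":
            first, bits = tokens.pop(0), 0
        else:  # assumes a contiguous wildcard mask such as 0.0.0.255
            bits = int(ipaddress.IPv4Address(tokens.pop(0))).bit_length()
        nets.append(ipaddress.ip_network(f"{first}/{32 - bits}", strict=False))
    return nets

def check(config):
    """Return a list of inconsistencies found in an IOS site-to-site config."""
    find = lambda pat: re.findall(pat, config, re.M)
    keyed = find(r"^crypto isakmp key \S+ address (\S+)")
    out = [f"no isakmp key for peer {p}" for p in find(r"^\s*set peer (\S+)") if p not in keyed]
    nat_acl = [(a, *flow(e)) for n in find(r"^ip nat inside source list (\S+)")
               for a, e in find(rf"^access-list {re.escape(n)} (permit|deny)\s+ip (.+)$")]
    for name in find(r"^\s*match address (\S+)"):
        block = re.search(rf"^ip access-list extended {re.escape(name)}\n((?:[ \t]+.*\n?)+)", config, re.M)
        specs = re.findall(r"^\s+permit ip (.+)$", block.group(1) if block else "", re.M)
        if not specs:
            out.append(f"crypto ACL {name} is missing or has no permit entries")
        for spec in specs:
            src, dst = flow(spec)
            for action, esrc, edst in nat_acl:
                if src.subnet_of(esrc) and dst.subnet_of(edst):  # first match wins
                    if action == "permit":
                        out.append(f"NAT list translates tunnel traffic {src} -> {dst}")
                    break
    return out
```

Run `check()` on the edited config text before pasting it into the router; an empty list means the peer, key and access lists agree with each other.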