We are building an onsite network here and we are using pfSense 2.0 as our firewall. We have no trouble connecting to various services and other VPNs, but for some reason we cannot connect using Cisco's IPSec VPN client -- either the Cisco-branded one or the native one on Linux or OS X. The handshake portion of the connection times out and users are never even prompted to authenticate.
We have confirmed that there is not an upstream routing issue -- when connected directly through the WAN or even through a different NAT gateway, things work as expected, so we are fairly certain it is a setting on the pfSense boxes.
I've tried various internet searches to come up with an angle, but most focus on making a point-to-point VPN with pfSense rather than client connection issues. Is this something anyone has seen and, more importantly, solved?
I had a similar Cisco VPN client connection problem this morning after an update to pfSense 2.0.3-RELEASE (amd64): Our problem was that a working Cisco VPN client on an earlier version of pfSense, 2.0.1-RELEASE (amd64), functioned even with the "Transport" option set to "Enable Transparent Tunneling".
Now with version 2.0.3-RELEASE I have to disable this to get the Cisco VPN client to work with return packets coming in! You can verify this: if you are able to connect and get no or ZERO return packets, then try to MODIFY your Cisco client setup to (DISABLE) turn off the Transparent Tunneling and check if you get return packets in the statistics once connected.
Check the link below from the pfSense documentation website, which talks about this issue.
http://doc.pfsense.org/index.php/Cisco_VPN_pass_through_not_working_when_behind_pfSense
I'm having this same issue. Following that pfSense document allowed the VPN to connect, but no traffic was going through the remote LAN. The answer for me was to also add a firewall rule on my pfSense LAN to the destination of the public VPN IP address on the other side of the established tunnel. I'm sure that this has something to do with the way my ISP at work has set up the VPN (managed by them). Hopefully this helps someone else with similar issues.
IPSec is a standard. I dimly remember that Cisco's implementation differed a bit from the others, which led to interesting errors.
If everything else was set up properly, changing the encryption settings is your best shot; at least that was what did the trick for us in the past.
Also with the update from 2.1 to 2.2 some tunnels simply stopped working. Basic IPSec fun...