Hello,
I am currently trying to set up an IPsec tunnel between a pfSense router and a Windows Server 2008 R2 machine (the Windows server is located behind a router with NAT enabled).
First of all, I found two different ways to configure IPsec on Windows:
1) Through Windows Firewall with Advanced Security
2) Through the IPsec snap-in in MMC.
Which one should I use?
Well, anyhow, I am having trouble negotiating phase 1. By analyzing packets, it turns out that the Windows server always returns a NO_PROPOSAL_CHOSEN error code.
My settings for phase1 (on both sides):
Authentication method: PSK
Negotiation mode: main
Encryption: 3DES
Hash: SHA1
DH key group: 2 (1024)
Lifetime: 28800
(NAT-T Enabled on pfSense)
Finally, I noticed that it is possible to define peer identifiers on pfSense. Is it possible to do the same on the Windows server, or does it automatically use the IP addresses as peer identifiers?
Any help would be greatly appreciated.
Best regards,
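
When tracking down a NO_PROPOSAL_CHOSEN like the one described above, it helps to decode the phase 1 transform attributes seen in the capture and compare them field by field with the intended settings. The following is an added example, not part of the original post: the function names are hypothetical, the attribute bytes are constructed samples, and the attribute numbers are those of RFC 2409, Appendix A.

```python
import struct

# IKEv1 phase 1 attribute classes and values (RFC 2409, Appendix A).
ATTR = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group",
        11: "life_type", 12: "life_duration", 14: "key_length"}
VALUE_NAMES = {
    "encryption": {1: "DES", 5: "3DES", 7: "AES"},
    "hash": {1: "MD5", 2: "SHA1"},
    "auth": {1: "PSK", 3: "RSA-SIG"},
    "life_type": {1: "seconds", 2: "kilobytes"},
}

# Phase 1 settings as listed in the post.
EXPECTED = {"encryption": "3DES", "hash": "SHA1", "auth": "PSK",
            "dh_group": 2, "life_duration": 28800}

def parse_attributes(data):
    """Decode the data attributes of one ISAKMP transform payload."""
    out, i = {}, 0
    while i < len(data):
        if len(data) - i < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, i)
        i += 4
        if atype & 0x8000:            # AF=1: fixed 2-byte value
            value = field
        else:                         # AF=0: 'field' is the value length
            if i + field > len(data):
                raise ValueError("truncated attribute value")
            value = int.from_bytes(data[i:i + field], "big")
            i += field
        name = ATTR.get(atype & 0x7FFF, "attr_%d" % (atype & 0x7FFF))
        out[name] = VALUE_NAMES.get(name, {}).get(value, value)
    return out

def mismatches(expected, offered):
    """Return {field: (expected, offered)} for every field that differs."""
    return {k: (want, offered.get(k)) for k, want in expected.items()
            if offered.get(k) != want}

# Constructed sample: a transform carrying exactly the settings from the post.
OFFER_MATCH = bytes.fromhex("80010005" "80020002" "80030001" "80040002"
                            "800b0001" "000c000400007080")
# Constructed sample: same transform, but AES-128 in place of 3DES.
OFFER_AES = bytes.fromhex("80010007" "800e0080" "80020002" "80030001"
                          "80040002" "800b0001" "000c000400007080")

if __name__ == "__main__":
    for label, raw in (("match", OFFER_MATCH), ("aes", OFFER_AES)):
        print(label, mismatches(EXPECTED, parse_attributes(raw)))
```

An empty result means the decoded transform agrees with every listed setting; any entry names the field to correct on one side or the other.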