Межсайтовый IPSec между pfSense и Cisco ASA

Я пытаюсь создать туннель IPSec между сайтами между моим pfSense и межсетевым экраном / маршрутизатором Cisco ASA.

На стороне pfSense диапазон IP-адресов LAN составляет 10.3.0.0/14. pfSense имеет 3 интерфейса:

• LAN ->10.0.0.1/14
• WAN ->x.x.48.78/24
• OPT1 ->10.139.136.178/29

Со стороны Cisco диапазон их частных IP-адресов составляет 10.248.65.0/22

IPSec, этап 1

• Версия обмена ключами = V1
• Интернет-протокол = IPv4
• Интерфейс = x.x.48.78
• Удаленный шлюз = [общедоступный IP-адрес Cisco]
• Метод аутентификации = взаимный PSK
• Режим согласования = Основной
• Мой идентификатор = Мой IP-адрес
• Идентификатор узла = IP-адрес узла
• Предварительный общий ключ = [секрет]
• Алгоритм шифрования = 3DES (да, я знаю, что он слабый)
• Алгоритм хеширования = SHA1
• Группа DH = 2
• Время жизни (секунды) = 28800
• NAT Traversal = Авто
• Обнаружение мертвого узла = Включить DOD
• Задержка = 10
• Максимальное количество отказов = 5

IPSec, фаза 2

• Режим = Туннельный IPv4
• Локальная сеть = подсеть LAN
• NAT / BINAT перевод = Нет
• Удаленная сеть = 10.248.65.0/22
• Протокол = ESP
• Алгоритмы шифрования = 3DES
• Алгоритмы хеширования = SHA1
• Группа ключей PFS = 2
• Срок службы = 3600

Когда я пытаюсь установить туннель из pfSense, второе соединение устанавливается, а затем разрывается. Когда я смотрю журналы IPSec, я вижу что-то вроде этого (снизу вверх):

07[IKE] <con1000|16> deleting IKE_SA con1000[16] between x.x.48.78[x.x.48.78]...[public IP of Cisco][[public IP of Cisco]]
07[IKE] <con1000|16> received DELETE for IKE_SA con1000[16]
07[ENC] <con1000|16> parsed INFORMATIONAL_V1 request 3634372393 [ HASH D ]
07[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (84 bytes)
11[IKE] <con1000|16> received INVALID_ID_INFORMATION error notify
11[ENC] <con1000|16> parsed INFORMATIONAL_V1 request 2181947022 [ HASH N(INVAL_ID) ]
11[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (692 bytes)
11[ENC] <con1000|16> received fragment #2, reassembling fragmented IKE message
11[IKE] <con1000|16> INFORMATIONAL_V1 request with message ID 2181947022 processing failed
11[IKE] <con1000|16> ignore malformed INFORMATIONAL request
11[IKE] <con1000|16> integrity check failed
11[ENC] <con1000|16> could not decrypt payloads
11[ENC] <con1000|16> payload type FRAGMENT was not encrypted
11[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (216 bytes)
07[ENC] <con1000|16> received fragment #1, waiting for complete IKE message
07[IKE] <con1000|16> INFORMATIONAL_V1 request with message ID 2181947022 processing failed
07[IKE] <con1000|16> ignore malformed INFORMATIONAL request
07[IKE] <con1000|16> integrity check failed
07[ENC] <con1000|16> could not decrypt payloads
07[ENC] <con1000|16> payload type FRAGMENT was not encrypted
07[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (548 bytes)
11[NET] <con1000|16> sending packet: from x.x.48.78[500] to [public IP of Cisco][500] (176 bytes)
11[NET] <con1000|16> sending packet: from x.x.48.78[500] to [public IP of Cisco][500] (548 bytes)
11[ENC] <con1000|16> generating ID_PROT request 0 [ FRAG(2/2) ]
11[ENC] <con1000|16> generating ID_PROT request 0 [ FRAG(1) ]
11[ENC] <con1000|16> splitting IKE message with length of 652 bytes into 2 fragments
11[ENC] <con1000|16> generating QUICK_MODE request 2079340946 [ HASH SA No KE ID ID ]
11[IKE] <con1000|16> maximum IKE_SA lifetime 28698s
11[IKE] <con1000|16> scheduling reauthentication in 28158s
11[IKE] <con1000|16> IKE_SA con1000[16] established between x.x.48.78[x.x.48.78]...[public IP of Cisco][[public IP of Cisco]]
11[IKE] <con1000|16> received DPD vendor ID
11[ENC] <con1000|16> parsed ID_PROT response 0 [ ID HASH V ]
11[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (84 bytes)
11[NET] <con1000|16> sending packet: from x.x.48.78[500] to [public IP of Cisco][500] (100 bytes)
11[ENC] <con1000|16> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
11[ENC] <con1000|16> received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
11[ENC] <con1000|16> received unknown vendor ID: 50:5e:26:5a:d5:6d:4e:bb:c0:33:d7:50:d5:f5:be:99
11[IKE] <con1000|16> received XAuth vendor ID
11[IKE] <con1000|16> received Cisco Unity vendor ID
11[ENC] <con1000|16> parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
11[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (304 bytes)
15[NET] <con1000|16> sending packet: from x.x.48.78[500] to [public IP of Cisco][500] (244 bytes)
15[ENC] <con1000|16> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
15[IKE] <con1000|16> received FRAGMENTATION vendor ID
15[IKE] <con1000|16> received NAT-T (RFC 3947) vendor ID
15[ENC] <con1000|16> parsed ID_PROT response 0 [ SA V V ]
15[NET] <con1000|16> received packet: from [public IP of Cisco][500] to x.x.48.78[500] (124 bytes)
15[NET] <con1000|15> sending packet: from x.x.48.78[500] to [public IP of Cisco][500] (176 bytes)
15[ENC] <con1000|15> generating ID_PROT request 0 [ SA V V V V V ]
15[IKE] <con1000|15> initiating Main Mode IKE_SA con1000[16] to [public IP of Cisco]

Кто-нибудь знает, почему Cisco не любит мой pfSense и убивает соединение?