Netgate Discussion Forum

    VPN Phase 2 Entry For Static Routed Network

    IPsec

    Posted by akindofmagic

      Hi,

      Scenario:
      Remote Office (Cisco ASA Firewall)
      LAN - 10.50.0.0/24

      This has an IPsec VPN to:

      Head Office (pfSense V2.4.2.p1)
      LAN - 10.10.0.0/24

      Clients in Remote Office can access 10.10.0.0 and 10.150.0.0 via the VPN as phase 2 entries have been added:
      Cisco        <-> pfSense
      10.50.0.0/24 <-> 10.10.0.0
      10.50.0.0/24 <-> 10.150.0.0

      pfSense OPT interface is connected to a routed network where 10.150.0.0/24 is available via a static route on the pfSense.

      Problem:
      1. If the tunnel drops for any reason, only the 10.50.0.0 to 10.10.0.0 phase 2 will re-establish by itself. The only way to re-establish both phase 2 entries is to MANUALLY drop the VPN from the pfSense console and initiate it from that end.
      2. Traffic from 10.50.0.0 to 10.150.0.0 will not re-establish that phase 2.

      Looking at the pfSense guides it looks like it can't send a keep alive for the 10.150.0.0 phase 2 entry because it doesn't have an interface directly on the 10.150.0.0 subnet.  Obviously it can for the 10.10.0.0 entry.

      Questions:
      1. Is there a way to make the pfSense establish the phase 2 for 10.50.0.0 to 10.150.0.0 when initiated from the Cisco end?
      2. Is there a way to force the pfSense to re-connect automatically if a phase 2 entry drops?
      3. Is there another way to solve the problems?

      Thanks in advance…
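A small audit script, added here as an example and not part of the original post or of any pfSense or Cisco tooling, that checks the two things this scenario turns on: whether the phase 2 selectors configured on the ASA are mirrored exactly on the pfSense side (asymmetric selectors are a common reason one child SA never comes up), and, for each pfSense local network, whether a keep-alive ping could be sourced from a directly connected interface or only reaches the network through a static route. The addresses are taken from the post, with /24 assumed where the post omits the prefix; the OPT transit network (10.200.0.0/30) and its next hop (10.200.0.2) are assumed placeholders.

```python
"""Audit IPsec phase 2 selectors for mirroring and keep-alive reachability.

Example code, not pfSense or Cisco tooling. Networks come from the forum
post; the OPT transit subnet and next hop are assumed values.
"""
import ipaddress
from typing import Dict, List, Tuple

Net = ipaddress.IPv4Network
Pair = Tuple[Net, Net]

# Each peer's selectors written from that peer's own point of view (local <-> remote).
CISCO_ACL = """
10.50.0.0/24 <-> 10.10.0.0/24
10.50.0.0/24 <-> 10.150.0.0/24
"""
PFSENSE_P2 = """
10.10.0.0 <-> 10.50.0.0/24
10.150.0.0 <-> 10.50.0.0/24
"""

# pfSense directly connected interfaces (OPT1 transit subnet is an assumption).
PFSENSE_INTERFACES: Dict[str, Net] = {
    "LAN": ipaddress.ip_network("10.10.0.0/24"),
    "OPT1": ipaddress.ip_network("10.200.0.0/30"),  # assumed transit network
}
# Static routes on pfSense: (destination, gateway); gateway is an assumption.
STATIC_ROUTES: List[Tuple[Net, ipaddress.IPv4Address]] = [
    (ipaddress.ip_network("10.150.0.0/24"), ipaddress.ip_address("10.200.0.2")),
]


def as_net(text: str) -> Net:
    """Parse a network; a bare address with no prefix is assumed to be /24."""
    if "/" not in text:
        text += "/24"  # assumption: the post lists 10.10.0.0 without a prefix
    return ipaddress.ip_network(text, strict=True)


def parse_selectors(text: str) -> List[Pair]:
    """Parse 'local <-> remote' lines into (local, remote) network pairs."""
    pairs = []
    for line in text.strip().splitlines():
        left, right = (part.strip() for part in line.split("<->"))
        pairs.append((as_net(left), as_net(right)))
    return pairs


def unmirrored(cisco: List[Pair], pfsense: List[Pair]) -> List[Pair]:
    """Selectors present on one peer but not mirrored exactly on the other.

    Returned pairs are in the Cisco orientation (cisco_local, pfsense_local).
    """
    cisco_view = set(cisco)
    pfsense_mirrored = {(remote, local) for local, remote in pfsense}
    return sorted(cisco_view ^ pfsense_mirrored)  # symmetric difference


def keepalive_source(local_net: Net,
                     interfaces: Dict[str, Net],
                     routes: List[Tuple[Net, ipaddress.IPv4Address]]):
    """Classify how pfSense can reach a phase 2 local network.

    ("interface", name)      -> a directly connected interface covers it, so an
                                automatic ping can be sourced from that address
    ("static-route", gateway)-> reachable only via a static route, so no local
                                interface address sits inside the selector
    ("unreachable", None)    -> neither; the selector would never carry traffic
    """
    for name, ifnet in interfaces.items():
        if local_net.subnet_of(ifnet) or ifnet.subnet_of(local_net):
            return ("interface", name)
    for dest, gateway in routes:
        if local_net.subnet_of(dest):
            return ("static-route", str(gateway))
    return ("unreachable", None)


def audit(cisco_text: str, pfsense_text: str,
          interfaces: Dict[str, Net],
          routes: List[Tuple[Net, ipaddress.IPv4Address]]) -> dict:
    """Run both checks and return a report keyed by pfSense local network."""
    cisco = parse_selectors(cisco_text)
    pfsense = parse_selectors(pfsense_text)
    report = {"unmirrored": unmirrored(cisco, pfsense), "keepalive": {}}
    for local, _remote in pfsense:
        report["keepalive"][str(local)] = keepalive_source(local, interfaces, routes)
    return report


if __name__ == "__main__":
    result = audit(CISCO_ACL, PFSENSE_P2, PFSENSE_INTERFACES, STATIC_ROUTES)
    for pair in result["unmirrored"]:
        print(f"NOT MIRRORED: {pair[0]} <-> {pair[1]}")
    for net, (kind, detail) in result["keepalive"].items():
        print(f"{net}: keep-alive source {kind} {detail or ''}".rstrip())
```

In the post's configuration the selectors are mirrored, so the only finding is that 10.150.0.0/24 is reachable solely through the static route; that matches the author's reading that pfSense has no interface address inside that selector from which to source an automatic ping, which is why only the 10.10.0.0/24 child SA comes back on its own.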

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.