IPSEC Online for 15-20 seconds then needs cycling.
-
Another frustrating IPSEC problem.
I have an IPSEC tunnel from my pfSense box at home to my Sonicwall Pro 3060 at the office. Everything has been working fine for 2-3 months. I haven't signed onto my pfSense box in over a month and I also administer the SonicWALL at the other end. No changes have been made.
I notice today my tunnel is down, so I disable IPSEC and re-enable, the tunnel comes up fine and I can ping nodes on the other end for maybe 15 seconds. Then it goes down. Rinse and repeat and I can ping again, then it goes down. I've confirmed the settings at both ends (despite nothing being changed). I've re-created the profile on the pfSense box.
Any ideas why randomly the tunnel would keep going down but work for 15-20 seconds every time IPSEC is cycled?
And yes both ends have been rebooted.
-
I should clarify. When the tunnel goes "down" pfSense still reports it up. I just can no longer ping anything at the other end.
-
Under System > Advanced, try to check the option to prefer old IPsec SAs.
I have to do that with some other devices such as Watchguard Fireboxes or Linksys routers or I see the same behavior.
Failing that, post the contents of your IPsec log from the initial working tunnel connection to the point where it is dead.
-
Enabling old IPSec SA did the trick.
Much appreciated.
Bit odd I hadn't enabled this for the past 3 months and no issues until recently.