SAD Out Of Sync w/ Multiple SAD After Cisco RV082 reboot - 1.2.3
-
Hey Guys,
I have been googling/searching this forum and I have tried pretty much everything. When I bounce my RV082 the tunnel does not come back and multiple SADs get created on the pfSense side. When this occurs I cannot ping across the tunnel. The only way to get it to come back up is by deleting all of the SADs manually. All of my config matches up, I have Keep-Alive/DPD enabled on RV082 and Keep-Alive/DPD enabled on pfSense. Any ideas? I'm really out of ideas and it is driving me crazy. I have tried almost every encryption algorithm with the same results.
Here is my config:
Phase 1
Negotiation: Main
Enc Alg: AES-256
Hash Alg: SHA1
DH: 1
Lifetime: 28800
Auth Method: Pre-shared
Phase 2
Protocol: ESP
Enc Alg: AES-256
Hash Alg: SHA1
Group: 1
Lifetime: 3600
Keep Alive: remote subnet gateway address
Thanks
-
DPD doesn't always work reliably in 1.2.3. It does in 2.x, you'll have to upgrade.
-
@cmb:
DPD doesn't always work reliably in 1.2.3. It does in 2.x, you'll have to upgrade.
aaaah, ok. I will contact our hosting provider and have it upgraded. Thanks
EDIT: I found I can use the auto-upgrade function. Is this the best way to get the most recent/stable version?
-
K, I'm now on 2.0.1 and still having to manually delete the SAD to get the tunnel going again.
Getting the following error:
racoon: ERROR: pfkey DELETE received: ESP
Also, when I go into SAD and select the one that has '0' for data, the tunnel comes up. This is happening with and without prefer old on.
-
Deployed pfSense to all of my branches and it works fine. Done dealio.
-
How did you solve this problem? I have a similar one with another Cisco Firewall and 2.0.1.
-
How did you solve this problem? I have a similar one with another Cisco Firewall and 2.0.1.
I fixed it by getting rid of my Cisco devices and deploying pfSense. I got tired of the issues I kept seeing with Cisco's supposed "great" equipment. Found a couple spare boxes, threw in some NICs and all my sites are stable.