Netgate Discussion Forum

    IPSec is not connecting automatically and does not reconnect by itself

      paulcsiki

      Hello everyone,

      I'm new to pfSense, so go easy on me :D. I am connecting to a Cisco ASA IPsec VPN with my pfSense. Everything works well, but I need to manually activate the tunnels before they connect. Also, if the tunnels disconnect for some reason, they don't automatically reconnect. Is there something I did wrong, or is there something I can do to fix this problem?

      Thanks so much,
      Paul.

        cmb

        When you "manually activate", how/where are you doing that? IPsec doesn't come up on its own (with an ASA or pfSense); there has to be traffic matching the connection to activate it.

        Usually, issues along the lines of what you're describing with an ASA are because the ASA is configured differently as a responder than as an initiator. If the ASA is initiating the IPsec, it works, but not if pfSense is initiating (or sometimes vice versa).

          paulcsiki

          Well, I am clicking on the connect button for each phase 2 tunnel I see in the IPsec status page.

            jonallport

            To clarify the 'bringing the tunnel up' point:

            All the 'connect' button does is ping a node in the P2 subnet so the daemon will see this and bring the tunnel up for it. It's no different than you pinging a remote node from a connected PC, and the tunnel should come up if you do that. If not, then you have some troubleshooting to do.

            Next, in my experience the ASAs are a bit picky about who gets to initiate the tunnel. Usually, setting 'Obey' in the P1 proposal checking will sort them out. Basically you're saying that when the ASA responds, agree to do things their way from then on.
