IPSEC VPN with Cisco VPN Client

  • Hi all.  I am using the Cisco VPN client to connect to a remote VPN.  I just installed pfSense at our office and I can connect to the VPN but the connection drops out after about 20 minutes with the error "Secure VPN Connection terminated locally by the Client.  Reason 412: The remote peer is no longer responding."

    However, when I am home, where I don't have pfSense installed, (I have a Linksys WRT54G running DD-WRT firmware) I can connect and stay connected as long as I want.  I noticed that on my home router, there is an option to allow IPSEC Passthrough.  Is there a way I can do that with pfSense?

    I am running the  1.2-BETA-1-TESTING-SNAPSHOT-05-02-07  version of pfSense.


  • IPSEC passthrough is active by default.
    This sounds like your state times out.
    Do you have the option in the Cisco client to enable keepalive pings?

  • According to the documentation in the Cisco VPN client, it sends a keepalive signal to keep the tunnel open.  There is a timeout option as well but even if I set it to the max value, it still gives me the same error.

    Thanks for the reply!

  • Hey all.  I am still having some trouble with this.  Another question I had was, if the VPN is passing IPSEC traffic as it should through the firewall, I should be able to go to the RRD graphs, click the traffic tab, and hit the drop down that says Graphs: and choose IPSEC and see some traffic, shouldn't I?  Currently, I don't see where any IPSEC traffic has passed according to that graph… ???


  • This is not the same.
    The graph on the IPSEC-tab refers to tunnels received/initiated by pfSense, NOT to connections created by clients behind pfSense.

  • Ahh…ok.  Thank you for the clarification.


  • Just to post the followup…

    I fixed the issue by connecting to the VPN, then opening a command prompt and setting ping to continuously ping a server on the network that I am connecting to.  This keeps the connection open and seems to fix the issue.  I don't think it was pfSense closing the connection, but I am not 100% positive.

    Thanks to all who were helping me!

  • This can usually be solved by enabling NAT-Traversal or IKE over TCP support in the Cisco VPN client. The gateway must also be configured to support this.
