Netgate Discussion Forum

    IPSEC VPN with Cisco VPN Client

    8 Posts 3 Posters 8.5k Views
      rem2500

      Hi all.  I am using the Cisco VPN client to connect to a remote VPN.  I just installed pfSense at our office and I can connect to the VPN but the connection drops out after about 20 minutes with the error "Secure VPN Connection terminated locally by the Client.  Reason 412: The remote peer is no longer responding."

      However, when I am home, where I don't have pfSense installed, (I have a Linksys WRT54G running DD-WRT firmware) I can connect and stay connected as long as I want.  I noticed that on my home router, there is an option to allow IPSEC Passthrough.  Is there a way I can do that with pfSense?

      I am running the  1.2-BETA-1-TESTING-SNAPSHOT-05-02-07  version of pfSense.

      Thanks,
      REM2500

        GruensFroeschli

        IPSEC passthrough is active by default.
        This sounds like your state times out.
        Do you have the option in the Cisco client to enable keepalive pings?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          rem2500

          According to the documentation in the Cisco VPN client, it sends a keepalive signal to keep the tunnel open.  There is a timeout option as well but even if I set it to the max value, it still gives me the same error.

          Thanks for the reply!
          REM2500

            rem2500

            Hey all.  I am still having some trouble with this.  Another question I had was, if the VPN is passing IPSEC traffic as it should through the firewall, I should be able to go to the RRD graphs, click the traffic tab, and hit the drop down that says Graphs: and choose IPSEC and see some traffic, shouldn't I?  Currently, I don't see where any IPSEC traffic has passed according to that graph… ???

            Thanks,
            REM2500

              GruensFroeschli

              This is not the same.
              The graph on the IPSEC-tab refers to tunnels received/initiated by pfSense, NOT to connections created by clients behind pfSense.

                rem2500

                Ahh…ok.  Thank you for the clarification.

                REM2500

                  rem2500

                  Just to post the followup…

                  I fixed the issue by connecting to the VPN, then opening a command prompt and setting ping to continuously ping a server on the network that I am connecting to.  This keeps the connection open and seems to fix the issue.  I don't think it was pfSense closing the connection, but I am not 100% positive.

                  Thanks to all who were helping me!
                  REM2500

                    mgrooms

                    This can usually be solved by enabling NAT-Traversal or IKE over TCP support in the Cisco VPN client. The gateway must also be configured to support this.
