IPSEC VPN with Cisco VPN Client
-
Hi all. I am using the Cisco VPN client to connect to a remote VPN. I just installed pfSense at our office and I can connect to the VPN but the connection drops out after about 20 minutes with the error "Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding."
However, when I am home, where I don't have pfSense installed, (I have a Linksys WRT54G running DD-WRT firmware) I can connect and stay connected as long as I want. I noticed that on my home router, there is an option to allow IPSEC Passthrough. Is there a way I can do that with pfSense?
I am running the 1.2-BETA-1-TESTING-SNAPSHOT-05-02-07 version of pfSense.
Thanks,
REM2500 -
IPSEC passthrough is per default active.
This sounds like your state times out.
Do you have the option in the cisco client to enable keepalive pings? -
According to the documentation in the Cisco VPN client, it sends a keepalive signal to keep the tunnel open. There is a timeout option as well but even if I set it to the max value, it still gives me the same error.
Thanks for the reply!
REM2500 -
Hey all. I am still having some trouble with this. Another question I had was, if the VPN is passing IPSEC traffic as it should through the firewall, I should be able to go to the RRD graphs, click the traffic tab, and hit the drop down that says Graphs: and choose IPSEC and see some traffic shouldnt I? Currently, I don't see where any IPSEC traffic has passed according to that graph… ???
Thanks,
REM2500 -
This is not the same.
The graph on the IPSEC-tab refers to tunnels recieved/initiated by pfSense NOT to connections created by clients behind pfSense. -
Ahh…ok. Thank you for the clarification.
REM2500
-
Just to post the followup…
I fixed the issue by connecting to the VPN, then opening a command prompt and setting ping to continuously ping a server on the network that I am connecting to. This keeps the connection open and seems to fix the issue. I don't think it was pfSense closing the connection, but I am not 100% positive.
Thanks to all who were helping me!
REM2500 -
This can usually be solved by enabling NAT-Traveral or IKE over TCP support in the Cisco VPN client. The gateway must also be configured to support this.
