4. IPSEC VPN with Cisco VPN Client

IPSEC VPN with Cisco VPN Client

  • R

    Hi all.  I am using the Cisco VPN client to connect to a remote VPN.  I just installed pfSense at our office and I can connect to the VPN but the connection drops out after about 20 minutes with the error "Secure VPN Connection terminated locally by the Client.  Reason 412: The remote peer is no longer responding."

    However, when I am home, where I don't have pfSense installed, (I have a Linksys WRT54G running DD-WRT firmware) I can connect and stay connected as long as I want.  I noticed that on my home router, there is an option to allow IPSEC Passthrough.  Is there a way I can do that with pfSense?

    I am running the  1.2-BETA-1-TESTING-SNAPSHOT-05-02-07  version of pfSense.

    Thanks,
    REM2500

    0

  • IPSEC passthrough is per default active.
    This sounds like your state times out.
    Do you have the option in the cisco client to enable keepalive pings?

    0
  • R

    According to the documentation in the Cisco VPN client, it sends a keepalive signal to keep the tunnel open.  There is a timeout option as well but even if I set it to the max value, it still gives me the same error.

    Thanks for the reply!
    REM2500

    0
  • R

    Hey all.  I am still having some trouble with this.  Another question I had was, if the VPN is passing IPSEC traffic as it should through the firewall, I should be able to go to the RRD graphs, click the traffic tab, and hit the drop down that says Graphs: and choose IPSEC and see some traffic shouldnt I?  Currently, I don't see where any IPSEC traffic has passed according to that graph… ???

    Thanks,
    REM2500

    0

  • This is not the same.
    The graph on the IPSEC-tab refers to tunnels recieved/initiated by pfSense NOT to connections created by clients behind pfSense.

    0
  • R

    Ahh…ok.  Thank you for the clarification.

    REM2500

    0
  • R

    Just to post the followup…

    I fixed the issue by connecting to the VPN, then opening a command prompt and setting ping to continuously ping a server on the network that I am connecting to.  This keeps the connection open and seems to fix the issue.  I don't think it was pfSense closing the connection, but I am not 100% positive.

    Thanks to all who were helping me!
    REM2500

    0
  • M

    This can usually be solved by enabling NAT-Traveral or IKE over TCP support in the Cisco VPN client. The gateway must also be configured to support this.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy