VPN Phase 2 Entry For Static Routed Network
akindofmagic last edited by
Remote Office(Cisco ASA Firewall)
LAN - 10.50.0.0/24
This has an IPsec VPN to:
Head Office(pfSense V2.4.2.p1)
LAN - 10.10.0.0/24
Clients in Remote Office can access 10.10.0.0 and 10.150.0.0 via the VPN as phase 2 entries have been added:
Cisco <-> pfSense
10.50.0.0/24 <-> 10.10.0.0
10.50.0.0/24 <-> 10.150.0.0
pfSense OPT interface is connected to a routed network where 10.150.0.0/24 is available via a static route on the pfSense.
1. If the tunnel drops for any reason only the 10.50.0.0 to 10.10.0.0 phase 2 will re-establish by itself. The only way to re-establish both phase 2 is to MANUALLY drop the VPN from the pfSense console and initiate it from that end.
2. Traffic from 10.50.0.0 to 10.150.0.0 will not re-establish that phase 2.
Looking at the pfSense guides it looks like it can't send a keep alive for the 10.150.0.0 phase 2 entry because it doesn't have an interface directly on the 10.150.0.0 subnet. Obviously it can for the 10.10.0.0 entry.
1. Is there a way to make the pfSense establish the phase 2 for 10.50.0.0 to 10.150.0.0 when initiated from the Cisco end?
2. Is there a way to force the pfSense to re-connect automatically if a phase 2 entry drops?
3. Is there another way to solve the problems?
Thanks in advance…