VPN Phase 2 Entry For Static Routed Network

Hi,

    Remote Office(Cisco ASA Firewall)
    LAN -

    This has an IPsec VPN to:

    Head Office(pfSense V2.4.2.p1)
    LAN -

    Clients in Remote Office can access and via the VPN as phase 2 entries have been added:
    Cisco        <-> pfSense <-> <->

    pfSense OPT interface is connected to a routed network where is available via a static route on the pfSense.

    1. If the tunnel drops for any reason, only the to phase 2 will re-establish by itself.  The only way to re-establish both phase 2 entries is to MANUALLY drop the VPN from the pfSense console and initiate it from that end.
    2. Traffic from to will not re-establish that phase 2.

    Looking at the pfSense guides it looks like it can't send a keep alive for the phase 2 entry because it doesn't have an interface directly on the subnet.  Obviously it can for the entry.

    1. Is there a way to make the pfSense establish the phase 2 for to when initiated from the Cisco end?
    2. Is there a way to force the pfSense to re-connect automatically if a phase 2 entry drops?
    3. Is there another way to solve the problems?

    Thanks in advance…
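One workaround for question 2 (forcing the pfSense to re-initiate a phase 2 that has dropped), as an added example that is not part of the original post and not pfSense's own code: a small script run from cron on the pfSense box that checks strongSwan's `ipsec status` output for the expected child SAs and runs `ipsec up <conn>` for any that are missing. Because it keys off the connection name rather than a ping source address, it does not need an interface in the routed subnet. The connection names `con1000`/`con1001`, the example addresses, and the `ipsec status` sample are assumptions constructed for the demo; check the conn names in the ipsec.conf that pfSense generates on your firewall before using it.

```shell
#!/bin/sh
# Added example (not from the original post or from pfSense): re-initiate
# IPsec child SAs (phase 2 entries) that strongSwan no longer reports as
# INSTALLED. Intended to run from cron on the pfSense box every few minutes.
# Assumptions (hypothetical): the strongSwan "ipsec" CLI is on PATH and the
# two phase 2 entries are named con1000 and con1001 in the generated ipsec.conf.

# Connection names of the phase 2 entries that must stay up (assumed names).
WANTED_CONNS="con1000 con1001"

# missing_conns STATUS_TEXT
# Print each wanted connection name that does not appear as an INSTALLED
# child SA in the given `ipsec status` output (one name per line).
missing_conns() {
    status="$1"
    for conn in $WANTED_CONNS; do
        # strongSwan lists installed child SAs as e.g.
        #   "con1000{3}:  INSTALLED, TUNNEL, reqid 1, ..."
        if ! printf '%s\n' "$status" | grep -q "^ *${conn}{[0-9]*}: *INSTALLED"; then
            printf '%s\n' "$conn"
        fi
    done
}

# Constructed sample of `ipsec status` output (not captured from a real box):
# the IKE SA is up and con1000 is installed, but con1001 has dropped.
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
     con1000[5]: ESTABLISHED 12 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]
     con1000{3}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1a2b3c4_i d4e5f6a7_o
     con1000{3}:   10.0.0.0/24 === 10.1.0.0/24'

# reestablish
# Query the live daemon and bring up every missing child SA by name.
# Does nothing when all wanted connections are already installed.
reestablish() {
    status="$(ipsec status 2>/dev/null || true)"
    for conn in $(missing_conns "$status"); do
        echo "child SA $conn not installed, running: ipsec up $conn"
        ipsec up "$conn"
    done
}

# Usage:  sh keep_p2_up.sh --demo   (offline check against SAMPLE_STATUS)
#         sh keep_p2_up.sh          (live run, e.g. from a cron entry)
if [ "${1:-}" = "--demo" ]; then
    missing_conns "$SAMPLE_STATUS"
elif [ "${1:-}" = "--run" ]; then
    reestablish
fi
```

Run it from cron with the `--run` argument. Note that `ipsec up` only succeeds if the Cisco end accepts the pfSense as initiator for that phase 2, which is the situation the post describes as working after a manual re-initiation; if the remote side rejects the proposal, the script will simply retry on the next cron run.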
