Manual SAD disconnect required if internet connection hiccups
-
If the pfSense reboots…the Cisco VPN concentrator can re-establish the connection, but if the Cisco VPN Concentrator reboots I have to manually disconnect the 2 SADs for the VPN tunnel in order to get it to re-establish connectivity. Is there a way to have it reset automatically after a specified amount of time, like a timeout? Cron job? Any suggestions would be helpful. Running 1.2.2 on Alix Box from Netgate.
Thanks,
Mark
-
Using: ESP 3des-cbc hmac-sha1
-
What does your IPSec log show for the failed/failing connections?
-
Will force a failure and report back. Also read that Dead Peer Detection is not a feature in the current build 1.2.2 and that a PHP script needs to be modified. I will also post my configs in case I am missing something. I read somewhere about the PF key needing to be 2 but that was also at 3 AM…kinda blurry by then.
-
Here is the pfsense config. Cisco config will follow.
-
Here is Cisco. IKE and SA details to follow.
-
Here is IKE and SA
-
The IPSEC log does not show anything after I reboot the other firewall. Only when I delete the SAD entries does it come back. I found this post but I am hesitant to start playing with the code. Is the following article the only way to deal with this type of issue?
-
Tried the suggestion and modified the vpn.inc file but it still is unable to bring the tunnel back up.