Netgate Discussion Forum

    Dynamic IP changes

      maynarja

      Curious

      pfSense is dynamic and initiates the VPN
      PIX is Static

      pfSense ------- INTERNET ------- PIX

      If the IP changes, does pfSense clear the IPsec connection and initiate a new one?

      Why I am asking is once the IP changed the tunnel is broken which makes sense but it does not establish a new tunnel.

      On the PIX it is indicating that esp payload is coming from the new dynamic IP but is being dropped.

      Is the pfSense trying to establish the original tunnel and PIX sees that the remote's IP has changed so it denies the connection?

      And is there a fix to implement on the pfSense side (preferably) or if not then on the PIX side?
      :-\

        hoba

        I think this is a problem on the PIX. I have this scenario between several pfSense systems (dynamic to static) and the tunnel is reestablished just fine immediately.

          maynarja

          The tunnel will come up immediately if I reboot.

          Is there a setting I can change on the pfSense to renegotiate the SAs after a denial from the other end?

          Or any other setting that may help re-establishing the tunnel or recreating a new one with having to restart.

            hoba

            Try "Prefer old IPsec SAs" from System > Advanced and see if this has a positive effect on reestablishing the link.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.