    Netgate Discussion Forum
    Dynamic IP changes

    IPsec
    • M
      maynarja last edited by

      Curious

      pfSense is dynamic and initiates the VPN
      PIX is static

      pfSense ------- INTERNET ------- PIX

      If the IP changes, does pfSense clear the IPsec connection and initiate a new one?

      The reason I am asking is that once the IP changed, the tunnel is broken, which makes sense, but it does not establish a new tunnel.

      On the PIX it is indicating that ESP payload is coming from the new dynamic IP but is being dropped.

      Is the pfSense trying to establish the original tunnel, and the PIX sees that the remote's IP has changed so it denies the connection?

      And is there a fix to implement on the pfSense side (preferably) or, if not, then on the PIX side?
      :-\

      • H
        hoba last edited by

        I think this is a problem on the PIX. I have this scenario between several pfSense systems (dynamic to static) and the tunnel is reestablished just fine immediately.

        • M
          maynarja last edited by

          The tunnel will come up immediately if I reboot.

          Is there a setting I can change on the pfSense to renegotiate the SAs after a denial from the other end?

          Or any other setting that may help re-establishing the tunnel or recreating a new one without having to restart?

          • H
            hoba last edited by

            Try "Prefer old IPsec SAs" from System > Advanced and see if this has a positive effect on reestablishing the link.
