4. Dynamic IP changes

Dynamic IP changes

  • M

    Curious

    pfSense is dynamic and intiates the VPN
    PIX is Static

    pfSense –----- INTERNET ------- PIX

    If the IP changes does pfsense clear the ipsec connection and intiated a new one?

    Why I am asking is once the IP changed the tunnel is broken which makes sense but it does not establish a new tunnel.

    On the PIX it is indicating that esp payload is coming from the new dynamic IP but is being dropped.

    Is the pfSense trying the establish the original tunnel and PIX sees that the remotes IP has changed so it denies the connection?

    And is there a fix to implement on the pfSense side (preferrably) or if not then on the PIX side.
    :-\

    0
  • H

    I think this is a problem on the pix. I have this scenario between seceral pfSense systems (dynamic to static) and the tunnel is reestablished just fine immediately.

    0
  • M

    The tunnel will come up immediately if I reboot.

    Is there a setting I can change on the pfSense to renegotiate the SAs after a denial from the other end?

    Or any other setting that may help re-establishing the tunnel or recreating a new one with having to restart.

    0
  • H

    try "Prefer old IPsec SAs  " from system>advanced and see if this has a positive effect on reestablishing the link.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy