Netgate Discussion Forum

    SAD Out Of Sync w/ Multiple SAD After Cisco RV082 reboot - 1.2.3

    Category: IPsec
    7 Posts 3 Posters 2.4k Views
    • JuggalotusHeat

      Hey Guys,

      I have been googling/searching this forum and I have tried pretty much everything. When I bounce my RV082 the tunnel does not come back and multiple SAD entries get created on the pfSense side. When this occurs I cannot ping across the tunnel. The only way to get it to come back up is by deleting all of the SAD entries manually. All of my config matches up, I have Keep-Alive/DPD enabled on the RV082 and Keep-Alive/DPD enabled on pfSense. Any ideas? I'm really out of ideas and it is driving me crazy. I have tried almost every encryption algorithm with the same results.

      Here is my config:

      Phase 1
      Negotiation: Main
      Enc Alg: AES-256
      Hash Alg: SHA1
      DH: 1
      Lifetime: 28800
      Auth Method: Pre-shared

      Phase 2
      Protocol: ESP
      Enc Alg: AES-256
      Hash Alg: SHA1
      Group: 1
      Lifetime: 3600
      Keep Alive: remote subnet gateway address

      Thanks

      • cmb

        DPD doesn't always work reliably in 1.2.3. It does in 2.x, you'll have to upgrade.

        • JuggalotusHeat

          @cmb:

          DPD doesn't always work reliably in 1.2.3. It does in 2.x, you'll have to upgrade.

          Aaaah, OK. I will contact our hosting provider and have it upgraded. Thanks

          EDIT: I found I can use the auto-upgrade function. Is this the best way to get the most recent/stable version?

          • JuggalotusHeat

            OK, I'm now on 2.0.1 and still having to manually delete the SAD entries to get the tunnel going again.

            Getting the following error:

            racoon: ERROR: pfkey DELETE received: ESP

            Also, when I go into SAD and select the one that has '0' for data, the tunnel comes up. This is happening with and without "prefer old" on.

            • JuggalotusHeat
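A small check for the symptom described in this post, added here as an example that is not from the thread, pfSense or racoon: it parses a constructed dump written in the style of `setkey -D` (the field layout is an assumption, not captured output) and lists, for each peer direction holding more than one ESP SA, the SPIs that have carried zero bytes, which are the entries the poster had to delete by hand.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `setkey -D` (approximate format, not
# captured from the poster's firewall): two outbound ESP SAs to the same peer,
# one of which has carried no traffic since the remote router rebooted.
SAMPLE_SAD = """\
203.0.113.10 198.51.100.20
\tesp mode=tunnel spi=305419896(0x12345678) reqid=16385(0x00004001)
\tcurrent: 0(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
203.0.113.10 198.51.100.20
\tesp mode=tunnel spi=2271560481(0x87654321) reqid=16385(0x00004001)
\tcurrent: 48213(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
198.51.100.20 203.0.113.10
\tesp mode=tunnel spi=1122867(0x00112233) reqid=16386(0x00004002)
\tcurrent: 51007(bytes)\thard: 0(bytes)\tsoft: 0(bytes)
"""

HEADER_RE = re.compile(r"^(\S+) (\S+)$")          # unindented "src dst" opens an SA
SPI_RE = re.compile(r"^\s+esp .*spi=(\d+)")
BYTES_RE = re.compile(r"^\s+current: (\d+)\(bytes\)")

def parse_sad(text):
    """Return one {src, dst, spi, bytes} dict per ESP SA in the dump."""
    entries, cur = [], None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            cur = {"src": m.group(1), "dst": m.group(2), "spi": None, "bytes": 0}
            entries.append(cur)
        elif cur and (m := SPI_RE.match(line)):
            cur["spi"] = int(m.group(1))
        elif cur and (m := BYTES_RE.match(line)):
            cur["bytes"] = int(m.group(1))
    return entries

def find_stale_duplicates(entries):
    """Map each (src, dst) direction that holds more than one SA to the SPIs
    that have moved zero bytes: the 'data 0' entries the thread describes."""
    by_dir = defaultdict(list)
    for e in entries:
        by_dir[(e["src"], e["dst"])].append(e)
    return {d: [s["spi"] for s in sas if s["bytes"] == 0]
            for d, sas in by_dir.items()
            if len(sas) > 1 and any(s["bytes"] == 0 for s in sas)}

if __name__ == "__main__":
    for (src, dst), spis in find_stale_duplicates(parse_sad(SAMPLE_SAD)).items():
        print(f"{src} -> {dst}: stale SPI(s) {spis}")
```

Only directions with a duplicate are reported, so a single idle SA after a fresh rekey is not flagged.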

              Deployed pfSense to all of my branches and it works fine. Done dealio.

              • lsens

                How did you solve this problem? I have a similar one with another Cisco Firewall and 2.0.1.

                • JuggalotusHeat

                  @lsens:

                  How did you solve this problem? I have a similar one with another Cisco Firewall and 2.0.1.

                  I fixed it by getting rid of my Cisco devices and deploying pfSense. I got tired of the issues I kept seeing with Cisco's supposed "great" equipment. Found a couple of spare boxes, threw in some NICs, and all my sites are stable.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.