    I'm new to pfSense so go easy on me :D. I am connecting to a Cisco ASA IPsec VPN with my pfSense. Everything works well, but I need to manually activate the tunnels before they connect. Also, if the tunnels disconnect for some reason they don't automatically reconnect. Is there something I did wrong, or is there something I can do to fix this problem?

  • When you "manually activate", how/where are you doing that? IPsec doesn't come up on its own (with an ASA or pfSense); there has to be traffic matching the connection to activate it.

    Usually, issues along the lines of what you're describing with an ASA are because the ASA is configured differently as a responder than as an initiator. If the ASA is initiating the IPsec, it works, but not if pfSense is initiating (or sometimes vice versa).

  • Well, I am clicking on the connect button for each phase 2 tunnel I see in the IPsec status page.

  • To clarify the 'bringing the tunnel up' point:

    All the 'connect' button does is ping a node in the P2 subnet so the daemon will see this and bring the tunnel up for it.  It's no different from you pinging a remote node from a connected PC, and the tunnel should come up if you do that.  If not, then you have some troubleshooting to do.

    Next, in my experience the ASAs are a bit picky about who gets to initiate the tunnel.  Usually, setting 'Obey' in the P1 proposal checking will sort them out.  Basically you're saying that when the ASA responds, agree to do things their way from then on.
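The reply above says the 'connect' button is nothing more than traffic sent into the P2 subnet so the IPsec daemon initiates the tunnel. The script below is an added example, not code from the thread or from the pfSense project: a small keepalive that does the same thing on a schedule, pinging a host in the remote P2 subnet and retrying a few times because the first packets are normally lost while the SA is negotiated. The remote address 10.20.0.10, the PING_CMD / PING_ARGS / RETRY_INTERVAL overrides and the check/interval values are all assumptions for illustration; it also assumes that a ping reply means the tunnel is up.

```shell
#!/bin/sh
# Added example, not from the thread or the pfSense project: a keepalive that
# does by hand what the IPsec status page's "connect" button does, i.e. send
# traffic to a host inside the remote P2 subnet so the IPsec daemon sees
# matching traffic and initiates (or re-initiates) the tunnel.
# Assumptions (none come from the thread): the remote host 10.20.0.10, the
# PING_CMD / PING_ARGS / RETRY_INTERVAL overrides, and that a reply means up.

PING_CMD="${PING_CMD:-ping}"
# "-c 1" is one echo request on both Linux and FreeBSD (pfSense). Per-packet
# timeout flags differ (-W is seconds on Linux, milliseconds on FreeBSD), so
# the timeout is left at the platform default unless PING_ARGS overrides it.
PING_ARGS="${PING_ARGS:--c 1}"
RETRY_INTERVAL="${RETRY_INTERVAL:-2}"

# trigger_tunnel HOST [ATTEMPTS]
# Pings HOST up to ATTEMPTS times. The first packets are usually lost while
# the SA is being negotiated, so a miss only counts as failure once every
# attempt is used up. Returns 0 as soon as a reply arrives, 1 otherwise.
trigger_tunnel() {
    host=$1
    attempts=${2:-5}
    i=1
    while [ "$i" -le "$attempts" ]; do
        # PING_ARGS is deliberately left unquoted so it word-splits into flags.
        if $PING_CMD $PING_ARGS "$host" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
        [ "$i" -le "$attempts" ] && sleep "$RETRY_INTERVAL"
    done
    return 1
}

# keepalive HOST CHECKS INTERVAL
# Runs CHECKS rounds, INTERVAL seconds apart, re-triggering the tunnel in any
# round that finds it down. Prints one line per round and returns the number
# of rounds in which the tunnel could not be brought up (0 means all good).
keepalive() {
    host=$1
    checks=$2
    interval=$3
    failures=0
    n=1
    while [ "$n" -le "$checks" ]; do
        if trigger_tunnel "$host" 3; then
            echo "round $n: tunnel to $host up"
        else
            echo "round $n: tunnel to $host still down after retries"
            failures=$((failures + 1))
        fi
        n=$((n + 1))
        [ "$n" -le "$checks" ] && sleep "$interval"
    done
    return "$failures"
}

# Stand-alone use: keepalive.sh REMOTE_HOST [CHECKS] [INTERVAL_SECONDS]
# e.g. keepalive.sh 10.20.0.10 3 30 from a LAN host or the pfSense shell.
if [ -n "${1:-}" ]; then
    keepalive "$1" "${2:-3}" "${3:-30}"
fi
```

Run it from a host behind pfSense (or from the pfSense shell) with a long interval under cron if you want the tunnel re-established automatically after a drop. It only reproduces what the 'connect' button does; if the ping never gets a reply even after the retries, the tunnel is not negotiating, and the responder/initiator mismatch and the 'Obey' proposal-checking setting from the replies above are the things to look at.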

