Issue with mobile and multiple subnets (multiple phase 2)

IPsec
Log in to reply
  • C

    Hi,

    I've setup a "IPsec mobile clients" configuration.
    Mobile client is a 5 years old Cyberguard SG 300 firewall which does not support xauth.

    The tunnel works fine if I configure a single subnet (phase 2) to allow access to pfSense LAN.
    Adding a second subnet (phase 2) to allow access to DMZ seems to work, but after about 10 seconds the tunnel goes down, renegotiate and restart. This repeats forever.

    Are multiple subnets / phase 2 supported with "mobile clients"?

    Regards,
      Corrado

    0
  • jimp
    Rebel Alliance Developer Netgate

    If it is a remote firewall, why are you using mobile to connect? It should be a normal site-to-site tunnel, not mobile. That hasn't really been supported since 1.2.x and even then it didn't work well.

    Use a normal tunnel + dyndns if the remote has a dynamic IP. Don't use mobile for site-to-site.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy