IPSEC not passing traffic after CARP fail over or restart

IPsec
Log in to reply
  • S

    I have 14 IPSEC tunnels from my pfSense to CISCO ASAs at each site. When I get the tunnels established they work great until one of the pfSense servers stops the tunnels, which could be CARP or a reboot. When the tunnels come back up, on either pfSense server they go green but no traffic is passed. I have to log into each remote ASA and bounce them, once, twice maybe three times before they establish the tunnel and pass traffic.

    The kicker is that I have 2 tunnels to each site. One is a 10.0.0.0/23 and the other is a 172.16.100/24 (assigned to OpenVPN) and the second (172.) works flawlessly every time. Both tunnels are configured the exact same way from an IPSEC settings perspective on each end.

    Any help in narrowing my search would be very helpful and thank you for your time.

    Configuration Overview

    ##Tunnel 1##
    Remote Site
    10.0.X.0/24
    Cisco ASA
    External IP
    |
    |
    |
    External IP (CARP)
    pfSense <– I have two syncing
    10.0.0.0/23 <-- LAN Side of pfSense

    ##Tunnel 2## Works evertime
    Remote Site
    10.0.X.0/24
    Cisco ASA
    External IP
    |
    |
    |
    External IP (CARP)
    pfSense <-- I have two syncing
    172.16.100.0/24 <-- Assigned to OpenVPN
    10.0.0.0/23 <-- LAN Side of pfSense

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy