IPsec not passing traffic after CARP failover or restart
I have 14 IPsec tunnels from my pfSense to Cisco ASAs at each site. When I get the tunnels established they work great until one of the pfSense servers stops the tunnels, which could be CARP or a reboot. When the tunnels come back up, on either pfSense server, they go green but no traffic is passed. I have to log into each remote ASA and bounce them once, twice, maybe three times before they establish the tunnel and pass traffic.
The kicker is that I have 2 tunnels to each site. One is a 10.0.0.0/23 and the other is a 172.16.100.0/24 (assigned to OpenVPN), and the second (172.) works flawlessly every time. Both tunnels are configured exactly the same way from an IPsec settings perspective on each end.
Any help in narrowing my search would be very helpful, and thank you for your time.
Configuration Overview
##Tunnel 1##
Remote Site
10.0.X.0/24
Cisco ASA
External IP
|
|
|
External IP (CARP)
pfSense <-- I have two syncing
10.0.0.0/23 <-- LAN side of pfSense

##Tunnel 2## Works every time
Remote Site
10.0.X.0/24
Cisco ASA
External IP
|
|
|
External IP (CARP)
pfSense <-- I have two syncing
172.16.100.0/24 <-- Assigned to OpenVPN
10.0.0.0/23 <-- LAN side of pfSense
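One way to narrow the search, as an added example that is not part of the original post: a "green" tunnel can mean the IKE SA (phase 1) came back after the failover while no child SA (phase 2) was installed for the LAN selectors, or the child SA exists but its counters never move. pfSense runs strongSwan, so `swanctl --list-sas` on the firewall shows exactly that. The script below parses that text and flags tunnels whose IKE SA is ESTABLISHED with no INSTALLED child SA, or whose child SA shows no packets in one or both directions. Assumptions, labelled in the code: the sample output is constructed and only approximates the real `swanctl` format (older pfSense releases use `ipsec statusall`, whose layout differs), and the connection names `con1` to `con3` and the RFC 5737 addresses are invented for the example.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample approximating `swanctl --list-sas` (strongSwan on pfSense).
# Names and addresses are invented. con1: IKE SA up, no child SA after a restart.
# con2: healthy tunnel. con3: child SA installed, sends but never receives.
SAMPLE = """\
con1: #12, ESTABLISHED, IKEv2, 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r
  local  '203.0.113.10' @ 203.0.113.10[500]
  remote '198.51.100.20' @ 198.51.100.20[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 412s ago, rekeying in 27000s
con2: #13, ESTABLISHED, IKEv2, 2b3c4d5e6f7a8b9c_i* 9c8b7a6f5e4d3c2b_r
  local  '203.0.113.10' @ 203.0.113.10[500]
  remote '198.51.100.20' @ 198.51.100.20[500]
  established 410s ago, rekeying in 27100s
  con2: #7, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 410s ago, rekeying in 3100s, expires in 3600s
    in  c0a1b2c3,  84312 bytes,   911 packets,     1s ago
    out cd3e4f5a,  77910 bytes,   880 packets,     1s ago
    local  172.16.100.0/24
    remote 10.0.5.0/24
con3: #14, ESTABLISHED, IKEv2, 3c4d5e6f7a8b9cad_i* ad9c8b7a6f5e4d3c_r
  local  '203.0.113.10' @ 203.0.113.10[500]
  remote '198.51.100.30' @ 198.51.100.30[500]
  established 400s ago, rekeying in 27200s
  con3: #8, reqid 3, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128
    installed 400s ago, rekeying in 3200s, expires in 3600s
    in  c0a1b2c4,      0 bytes,     0 packets
    out cd3e4f5b,  12000 bytes,   150 packets,     2s ago
    local  10.0.0.0/23
    remote 10.0.6.0/24
"""

IKE_RE = re.compile(r"^(\S+): #\d+, (\w+), IKEv[12]")             # column 0
CHILD_RE = re.compile(r"^\s+(\S+): #\d+, reqid \d+, (\w+),")       # indented
CNT_RE = re.compile(r"^\s+(in|out)\s+\S+,\s+(\d+) bytes,\s+(\d+) packets")
TS_RE = re.compile(r"^\s+(local|remote)\s+((?:\d+\.\d+\.\d+\.\d+/\d+\s*)+)$")


@dataclass
class ChildSA:
    name: str
    state: str
    pkts_in: int = 0
    pkts_out: int = 0
    local_ts: list = field(default_factory=list)   # traffic selectors
    remote_ts: list = field(default_factory=list)


@dataclass
class IkeSA:
    name: str
    state: str
    children: list = field(default_factory=list)


def parse_sas(text):
    """Turn swanctl --list-sas text into IkeSA objects with their child SAs."""
    sas, ike, child = [], None, None
    for line in text.splitlines():
        m = IKE_RE.match(line)
        if m:
            ike, child = IkeSA(m.group(1), m.group(2)), None
            sas.append(ike)
            continue
        m = CHILD_RE.match(line)
        if m and ike is not None:
            child = ChildSA(m.group(1), m.group(2))
            ike.children.append(child)
            continue
        if child is None:            # IKE-level lines carry nothing we need
            continue
        m = CNT_RE.match(line)
        if m:
            setattr(child, "pkts_" + m.group(1), int(m.group(3)))
            continue
        m = TS_RE.match(line)
        if m:
            getattr(child, m.group(1) + "_ts").extend(m.group(2).split())
    return sas


def diagnose(sas):
    """Return (tunnel, problem) pairs for tunnels that look up but carry no traffic."""
    findings = []
    for ike in sas:
        if ike.state != "ESTABLISHED":
            findings.append((ike.name, f"IKE SA is {ike.state}"))
            continue
        installed = [c for c in ike.children if c.state == "INSTALLED"]
        if not installed:
            findings.append((ike.name, "IKE SA established but no INSTALLED child SA (no phase 2)"))
            continue
        for c in installed:
            sel = f"{' '.join(c.local_ts)} <-> {' '.join(c.remote_ts)}"
            if c.pkts_in == 0 and c.pkts_out == 0:
                findings.append((ike.name, f"child SA {sel} carries no traffic in either direction"))
            elif c.pkts_in == 0:
                findings.append((ike.name, f"child SA {sel} sends packets but receives none"))
            elif c.pkts_out == 0:
                findings.append((ike.name, f"child SA {sel} receives packets but sends none"))
    return findings


if __name__ == "__main__":
    # Live use on the firewall:  swanctl --list-sas | python3 ipsec_check.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = diagnose(parse_sas(text))
    for name, problem in problems:
        print(f"{name}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it on the primary right after a CARP failover and again on the secondary: a tunnel listed with an IKE SA and no child SA points at phase 2 (selector or proposal mismatch, or the ASA still holding its old SA), while a child SA that sends but never receives points at the far end still encrypting to the SA it negotiated with the other node. Compare the result for the 10.0.0.0/23 entries against the 172.16.100.0/24 entries to the same site, since the post says only the former fails.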