Netgate Discussion Forum

IPSEC not passing traffic after CARP failover or restart

swiftburn:

I have 14 IPSEC tunnels from my pfSense to Cisco ASAs at each site. When I get the tunnels established they work great until one of the pfSense servers stops the tunnels, which could be CARP or a reboot. When the tunnels come back up, on either pfSense server, they go green but no traffic is passed. I have to log into each remote ASA and bounce them once, twice, maybe three times before they establish the tunnel and pass traffic.

The kicker is that I have 2 tunnels to each site. One is a 10.0.0.0/23 and the other is a 172.16.100.0/24 (assigned to OpenVPN), and the second (172.) works flawlessly every time. Both tunnels are configured the exact same way from an IPSEC settings perspective on each end.

      Any help in narrowing my search would be very helpful and thank you for your time.

Configuration Overview

##Tunnel 1##
Remote Site
10.0.X.0/24
Cisco ASA
External IP
|
|
|
External IP (CARP)
pfSense <-- I have two syncing
10.0.0.0/23 <-- LAN side of pfSense

##Tunnel 2## Works every time
Remote Site
10.0.X.0/24
Cisco ASA
External IP
|
|
|
External IP (CARP)
pfSense <-- I have two syncing
172.16.100.0/24 <-- Assigned to OpenVPN
10.0.0.0/23 <-- LAN side of pfSense
