Yes, I use it to make remote pfSenses at dynamic endpoints join automatically again after their IP has changed and to keep tunnels up even without traffic from clients keeping it alive.
Holger > -----Original Message----- > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > Sent: Friday, June 23, 2006 3:50 PM > To: [email protected] > Subject: Re: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > > Try "prefer older IPSEC SA" at system>advanced > > already done...is the same > > > Does disabling and enabling IPSEC at the pfSense solve the > issue if the > > cisco can't connect? > > Yes, it solve. disabling tunnel on Cisco and disabling and > enabling IPSEC at > the pfSense > connection goes up again without problem..... > > > > Also is one side of the setup at a dynamic IP and if so which one? > > No. both have static IP. > > I think this is a manual way and not automatic.... > At the bottom of IPsec configuration there is > a field "keep alive"....does it work? > > ~Alvaro > > > > ----- Original Message ----- > From: "Holger Bauer" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Friday, June 23, 2006 12:58 PM > Subject: RE: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > Try "prefer older IPSEC SA" at system>advanced. Disable and > enable IPSEC at > the pfSense end to make sure the new settings are applied. > Does disabling > and enabling IPSEC at the pfSense solve the issue if the cisco can't > connect? From the logs it looks like the cisco doesn't answer to the > connection attempt of the pfSense. Also is one side of the setup at a > dynamic IP and if so which one? > > Holger > -----Original Message----- > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > Sent: Friday, June 23, 2006 11:33 AM > To: [email protected] > Subject: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > HI, > I have made a VPN from Cisco VPN Concentrator > to PfSense and all works fine, but when connection on Cisco side > go down for any reason the tunnel don't succeed to establish > a new one. From cisco side all seems ok but pfsense log > same errors: > racoon: INFO: request for establishing IPsec-SA was queued > due to no phase1 > found > racoon: ERROR: phase1 negotiation failed due to time up. > 88bf18f7d1e83702:0000000000000000 > > So I have to reboot PfSense to establish a new VPN. > > Do you think there is a way to resolve this problem? > > Thanx in advance. > > ~Alvaro > > > > > > > > > > > > > > > > > > > > > > > > ---------------------------------------- > A.PIetrobono > List Spa - ITALY > phone: +39050800151 > email: [EMAIL PROTECTED] > web: www.list.it > ---------------------------------------- > > ____________ > Virus checked by G DATA AntiVirusKit > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------((((((( Internet Email Confidentiality Footer )))))))-------- > > This e-mail, including any attachments, may contain > information that is > protected by law as privileged and confidential, and is > transmitted for > the sole use of the intended recipient. If you are not the intended > recipient, you are hereby notified that any use, > dissemination, copying > or retention of this e-mail or the information contained herein is > strictly prohibited. If you have received this e-mail in > error, please > notify immediately the sender by telephone or reply by e-mail, and > permanently delete this e-mail from your computer system. > The statements and opinions expressed in this e-mail message are > those of the author of the message and do not necessarily represent > those of List Group S.p.A. Besides, the contents of this message > shall be understood as neither given nor endorsed by List Group S.p.A. > List Group S.p.A. does not accept liability for corruption, > interception or > amendment, if any, or the consequences thereof. > > -------------------------------------------------------------- > --------- > > ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
