I set mine to ping the private IP of the other firewall, make sure ICMP is enabled though!!! On Friday 23 June 2006 10:21, Brian Neufeld wrote: > Please forgive the ignorant question, but one would put a private address > from the other side of the VPN in the keep alive field, correct? > > ~Brian > > > -----Original Message----- > > From: Holger Bauer [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 23, 2006 7:01 AM > > To: [email protected] > > Subject: RE: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > > > > Yes, I use it to make remote pfSenses at dynamic endpoints > > join automatically again after their IP has changed and to > > keep tunnels up even without traffic from clients keeping it alive. > > > > Holger > > > > > -----Original Message----- > > > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 23, 2006 3:50 PM > > > To: [email protected] > > > Subject: Re: [pfSense Support] Disconnections on VPN tunnel > > > > with CISCO > > > > > > Try "prefer older IPSEC SA" at system>advanced > > > > > > already done...is the same > > > > > > > Does disabling and enabling IPSEC at the pfSense solve the > > > > > > issue if the > > > > > > > cisco can't connect? > > > > > > Yes, it solve. disabling tunnel on Cisco and disabling and > > > enabling IPSEC at > > > the pfSense > > > connection goes up again without problem..... > > > > > > > Also is one side of the setup at a dynamic IP and if so which one? > > > > > > No. both have static IP. > > > > > > I think this is a manual way and not automatic.... > > > At the bottom of IPsec configuration there is > > > a field "keep alive"....does it work? > > > > > > ~Alvaro > > > > > > > > > > > > ----- Original Message ----- > > > From: "Holger Bauer" <[EMAIL PROTECTED]> > > > To: <[email protected]> > > > Sent: Friday, June 23, 2006 12:58 PM > > > Subject: RE: [pfSense Support] Disconnections on VPN tunnel > > > > with CISCO > > > > > Try "prefer older IPSEC SA" at system>advanced. Disable and > > > enable IPSEC at > > > the pfSense end to make sure the new settings are applied. > > > Does disabling > > > and enabling IPSEC at the pfSense solve the issue if the > > > > cisco can't > > > > > connect? From the logs it looks like the cisco doesn't > > > > answer to the > > > > > connection attempt of the pfSense. Also is one side of the > > > > setup at a > > > > > dynamic IP and if so which one? > > > > > > Holger > > > -----Original Message----- > > > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 23, 2006 11:33 AM > > > To: [email protected] > > > Subject: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > > > > > > > HI, > > > I have made a VPN from Cisco VPN Concentrator > > > to PfSense and all works fine, but when connection on Cisco > > > > side go > > > > > down for any reason the tunnel don't succeed to establish a > > > > new one. > > > > > From cisco side all seems ok but pfsense log same errors: > > > racoon: INFO: request for establishing IPsec-SA was queued > > > due to no phase1 > > > found > > > racoon: ERROR: phase1 negotiation failed due to time up. > > > 88bf18f7d1e83702:0000000000000000 > > > > > > So I have to reboot PfSense to establish a new VPN. > > > > > > Do you think there is a way to resolve this problem? > > > > > > Thanx in advance. > > > > > > ~Alvaro > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---------------------------------------- > > > A.PIetrobono > > > List Spa - ITALY > > > phone: +39050800151 > > > email: [EMAIL PROTECTED] > > > web: www.list.it > > > ---------------------------------------- > > > > > > ____________ > > > Virus checked by G DATA AntiVirusKit > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------((((((( Internet Email Confidentiality Footer > > > > )))))))-------- > > > > > This e-mail, including any attachments, may contain > > > information that is > > > protected by law as privileged and confidential, and is > > > transmitted for > > > the sole use of the intended recipient. If you are not the intended > > > recipient, you are hereby notified that any use, > > > dissemination, copying > > > or retention of this e-mail or the information contained herein is > > > strictly prohibited. If you have received this e-mail in > > > error, please > > > notify immediately the sender by telephone or reply by e-mail, and > > > permanently delete this e-mail from your computer system. > > > The statements and opinions expressed in this e-mail message are > > > those of the author of the message and do not necessarily represent > > > those of List Group S.p.A. Besides, the contents of this message > > > shall be understood as neither given nor endorsed by List > > > > Group S.p.A. > > > > > List Group S.p.A. does not accept liability for corruption, > > > interception or > > > amendment, if any, or the consequences thereof. > > > > > > -------------------------------------------------------------- > > > --------- > > > > ____________ > > Virus checked by G DATA AntiVirusKit > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
