I have a problem with a VPN between my pfSense box and an ASA box.  I've
noticed the same problem between PIX and pfSense.  The VPN works fine,
but when there is no traffic for a while it will stop receiving
connections.  The ASA side will try to send, but the pfSense side will
not respond.  If I ping across the VPN from the pfSense side, the VPN
comes back up instantly.
 
This has not been an issue before because my monitoring system pings
across all my VPNs periodically.  Now I have a VPN that is limited to
one server, a Windows server, so I can't even use cron to ping
periodically.
 
Any suggestions?
 
Here is my VPN config. I took out the keys and IPs, but it works fine
until it times out, so none of that should be relevant.
 
------------
<descr>Hospital HL7</descr> 
  <pinghost>60</pinghost> 
  </tunnel>
<tunnel>
  <interface>wan</interface> 
<local-subnet>
  <address>x.x.x.x</address> 
  </local-subnet>
  <remote-subnet>x.x.x.x/32</remote-subnet> 
  <remote-gateway>x.x.x.x</remote-gateway> 
<p1>
  <mode>aggressive</mode> 
<myident>
  <myaddress /> 
  </myident>
  <encryption-algorithm>3des</encryption-algorithm> 
  <hash-algorithm>sha1</hash-algorithm> 
  <dhgroup>2</dhgroup> 
  <lifetime>86600</lifetime> 
  <pre-shared-key>xxxxxxxxxxxxxxxxxxxxxxxx</pre-shared-key> 
  <private-key /> 
  <cert /> 
  <peercert /> 
  <authentication_method>pre_shared_key</authentication_method> 
  </p1>
<p2>
  <protocol>esp</protocol> 
  <encryption-algorithm-option>3des</encryption-algorithm-option> 
  <hash-algorithm-option>hmac_sha1</hash-algorithm-option> 
  <pfsgroup>0</pfsgroup> 
  <lifetime>86600</lifetime> 
---------------------
 
Paul F. Borowicz
Network Administrator
Behavior Corp
(317) 587-0521
[email protected]
 
