Please forgive the ignorant question, but one would put a private address from the other side of the VPN in the keep alive field, correct?
~Brian > -----Original Message----- > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Friday, June 23, 2006 7:01 AM > To: support@pfsense.com > Subject: RE: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > Yes, I use it to make remote pfSenses at dynamic endpoints > join automatically again after their IP has changed and to > keep tunnels up even without traffic from clients keeping it alive. > > Holger > > > -----Original Message----- > > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 23, 2006 3:50 PM > > To: support@pfsense.com > > Subject: Re: [pfSense Support] Disconnections on VPN tunnel > with CISCO > > > > > > > Try "prefer older IPSEC SA" at system>advanced > > > > already done...is the same > > > > > Does disabling and enabling IPSEC at the pfSense solve the > > issue if the > > > cisco can't connect? > > > > Yes, it solve. disabling tunnel on Cisco and disabling and > > enabling IPSEC at > > the pfSense > > connection goes up again without problem..... > > > > > > > Also is one side of the setup at a dynamic IP and if so which one? > > > > No. both have static IP. > > > > I think this is a manual way and not automatic.... > > At the bottom of IPsec configuration there is > > a field "keep alive"....does it work? > > > > ~Alvaro > > > > > > > > ----- Original Message ----- > > From: "Holger Bauer" <[EMAIL PROTECTED]> > > To: <support@pfsense.com> > > Sent: Friday, June 23, 2006 12:58 PM > > Subject: RE: [pfSense Support] Disconnections on VPN tunnel > with CISCO > > > > > > Try "prefer older IPSEC SA" at system>advanced. Disable and > > enable IPSEC at > > the pfSense end to make sure the new settings are applied. > > Does disabling > > and enabling IPSEC at the pfSense solve the issue if the > cisco can't > > connect? From the logs it looks like the cisco doesn't > answer to the > > connection attempt of the pfSense. Also is one side of the > setup at a > > dynamic IP and if so which one? > > > > Holger > > -----Original Message----- > > From: Alvaro Pietrobono [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 23, 2006 11:33 AM > > To: support@pfsense.com > > Subject: [pfSense Support] Disconnections on VPN tunnel with CISCO > > > > > > HI, > > I have made a VPN from Cisco VPN Concentrator > > to PfSense and all works fine, but when connection on Cisco > side go > > down for any reason the tunnel don't succeed to establish a > new one. > > From cisco side all seems ok but pfsense log same errors: > > racoon: INFO: request for establishing IPsec-SA was queued > > due to no phase1 > > found > > racoon: ERROR: phase1 negotiation failed due to time up. > > 88bf18f7d1e83702:0000000000000000 > > > > So I have to reboot PfSense to establish a new VPN. > > > > Do you think there is a way to resolve this problem? > > > > Thanx in advance. > > > > ~Alvaro > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---------------------------------------- > > A.PIetrobono > > List Spa - ITALY > > phone: +39050800151 > > email: [EMAIL PROTECTED] > > web: www.list.it > > ---------------------------------------- > > > > ____________ > > Virus checked by G DATA AntiVirusKit > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------((((((( Internet Email Confidentiality Footer > )))))))-------- > > > > This e-mail, including any attachments, may contain > > information that is > > protected by law as privileged and confidential, and is > > transmitted for > > the sole use of the intended recipient. If you are not the intended > > recipient, you are hereby notified that any use, > > dissemination, copying > > or retention of this e-mail or the information contained herein is > > strictly prohibited. If you have received this e-mail in > > error, please > > notify immediately the sender by telephone or reply by e-mail, and > > permanently delete this e-mail from your computer system. > > The statements and opinions expressed in this e-mail message are > > those of the author of the message and do not necessarily represent > > those of List Group S.p.A. Besides, the contents of this message > > shall be understood as neither given nor endorsed by List > Group S.p.A. > > List Group S.p.A. does not accept liability for corruption, > > interception or > > amendment, if any, or the consequences thereof. > > > > -------------------------------------------------------------- > > --------- > > > > > > ____________ > Virus checked by G DATA AntiVirusKit > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
