Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX - Site2Site - Dynamic IP - Changes

Status
Not open for further replies.
maynarja

maynarja

MIS
Jan 24, 2007
41
CA
Site to Site using PIX and pfSense

pfSense is dynamic and intiates the VPN
PIX is Static

pfSense ------- INTERNET ------- PIX

If pfeSense's IP changes the tunnel is dropped which is expected but pfSense cannot connect without a reboot. PIX sees the attempt but blocks it with an ACL.

I assume that pfSense is sending the SA with a changed IP and the PIX identifies that as an attempt to spoof the tunnel.

Is there anything I can do on the PIX side or do I have to reduce the SA's lifetime to minutes and what consequence would that be... much more traffic and.....
 
Sort by date Sort by votes
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
925
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
633
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
725
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
235
Russtoleum
Russtoleum
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
159
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top