Cisco vpn client randomly disconnects with pfSense

Tags: cisco-vpn, pfsense

My network has two gateways, one is a pfSense box that everyone uses. The other one is a TP-Link firewall essentially for tests.

Some machines inside my network need to access a VPN through the Cisco VPN client. If one of those machines is using the pfSense box as the gateway, I experience random connection drops on the VPN. If I am using the TP-Link gateway that doesn't happen.

I've tried changing the MTU in the pfSense box and that improved things a little bit but didn't really solve the problem. I also followed the guidelines for traffic shaping in pfSense and the connections still drop quite often.

Ideas?

Best Answer

For anybody else who might be tracking down this same issue. I am using openconnect (an open-source version of AnyConnect) to connect to a network and the connection would time out rather quickly. When using a dd-wrt router, it would stay connected.

The root of the problem is the stateful firewall will kill an idle UDP based VPN connection fairly quickly. If you use the Conservative firewall optimization setting, it should help keep you connected. The setting "tries to avoid dropping any legitimate idle connections at the expense of increased memory usage and CPU utilization."

Change the Firewall Optimization Option (from pfSense 2.1.4)

  1. Navigate to the Firewall/NAT advanced settings (System -> Advanced -> Firewall/NAT)
  2. Change Firewall Optimization Option to Conservative
  3. Apply the settings

You can also keep the connection alive by using something that has a persistent connection that has some kind of keepalive mechanism - or just ping a server on the other end of the VPN connection to keep it alive.
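The answer above turns on one number: how long pf keeps an idle UDP state before discarding it, which is what makes a quiet VPN tunnel look "randomly" dropped. The following is an added example, not code from the original thread or from the pfSense project. It parses text in the layout printed by `pfctl -s timeouts` on pfSense/FreeBSD, reads the UDP state timeouts, and derives a keepalive interval short enough that the state never expires. Both samples are constructed for illustration: the first uses pf's stock UDP defaults, the second is an invented profile with longer timeouts, and neither is claimed to be the exact set of values pfSense applies for the Normal or Conservative optimization setting.

```python
"""Estimate how long an idle UDP VPN flow survives in pf's state table
and pick a keepalive interval that stays under that limit.

Added example, not from the original post. The two samples below are
constructed (stock pf defaults, and a hypothetical longer profile);
check your own box with `pfctl -s timeouts` rather than trusting them.
"""
import re
from typing import Dict

# Constructed sample: pf's stock UDP timeouts, in `pfctl -s timeouts` layout.
NORMAL_TIMEOUTS = """\
tcp.first                   120s
tcp.established           86400s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
"""

# Constructed sample: a hypothetical profile with longer UDP timeouts
# (NOT the literal values of pfSense's Conservative setting).
LONGER_TIMEOUTS = """\
tcp.first                   120s
udp.first                   300s
udp.single                  150s
udp.multiple                900s
"""

# One line per timeout: "<proto>.<state>   <seconds>s"
TIMEOUT_RE = re.compile(r"^\s*([a-z]+\.[a-z]+)\s+(\d+)s\s*$")


def parse_timeouts(text: str) -> Dict[str, int]:
    """Return {name: seconds} for every timeout line; other lines are ignored."""
    result: Dict[str, int] = {}
    for line in text.splitlines():
        m = TIMEOUT_RE.match(line)
        if m:
            result[m.group(1)] = int(m.group(2))
    return result


def udp_idle_limit(timeouts: Dict[str, int]) -> int:
    """Idle seconds before pf drops an established two-way UDP state.

    pf moves a UDP state from 'first' to 'single' (one side has spoken)
    to 'multiple' (both sides have spoken). A working VPN tunnel is in
    'multiple', so udp.multiple governs how long it survives in silence.
    """
    return timeouts["udp.multiple"]


def keepalive_interval(timeouts: Dict[str, int], safety: float = 0.5) -> int:
    """Seconds between keepalive packets so the state never expires.

    Defaults to half the idle limit, leaving room for jitter and a lost
    keepalive packet.
    """
    return max(1, int(udp_idle_limit(timeouts) * safety))


def would_survive(timeouts: Dict[str, int], idle_seconds: int) -> bool:
    """True if a tunnel idle for `idle_seconds` is still in the state table."""
    return idle_seconds < udp_idle_limit(timeouts)


if __name__ == "__main__":
    for label, sample in (("stock", NORMAL_TIMEOUTS), ("longer", LONGER_TIMEOUTS)):
        t = parse_timeouts(sample)
        print(f"{label}: idle UDP limit {udp_idle_limit(t)}s, "
              f"send a keepalive every {keepalive_interval(t)}s")
```

Run against the real output of `pfctl -s timeouts` on the pfSense box, the keepalive interval it prints is the upper bound for how often the ping (or whatever persistent traffic you choose) must cross the tunnel; with the stock 60-second `udp.multiple` a 90-second gap is already enough to lose the state.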