Question

You have completed your construction of the IPsecVPN, allowing remote employees to securely connect to the corporate network. Employees have been able to successfully access company resources, and management is pleased now that they can filter traffic on remote company computers. However, some time has passed since the initial deployment, and a trend of complaints about dropped connections has emerged, causing prolonged reconnection periods and requiring some employees to manually reconnect. After speaking with remote employees to try identifying a pattern, you discover this is happening whenever the employee switches to a different network or network attachment point, such as from wired to wireless. Further investigation reveals that only employees without their VPN client credentials saved are being forced to manually reconnect. You suspect that their IP is changing when they switch connections, and that when it does, new Security Associations (SA) for the tunnel are created. This would explain why those with their credentials saved experience minimal impact, while those without their credentials saved are forced to authenticate again manually. Recalling that the Mobility and Multihoming protocol (MOBIKE) enables clients to continue using existing Security Associations across IP changes, you decide MOBIKE will solve the issue for the latter and reduce reconnection period for the former. Using the internet, research how to enable MOBIKE support for your IPsec tunnel in pfSense. Then, using the Workstation system, connect to the pfSense WebGUI and implement your changes.

You have completed your construction of the IPsecVPN, allowing remote employees to securely connect to the corporate network. Employees have been able to successfully access company resources, and management is pleased now that they can filter traffic on remote company computers. However, some time has passed since the initial deployment, and a trend of complaints about dropped connections has emerged, causing prolonged reconnection periods and requiring some employees to manually reconnect.

After speaking with remote employees to try identifying a pattern, you discover this is happening whenever the employee switches to a different network or network attachment point, such as from wired to wireless. Further investigation reveals that only employees without their VPN client credentials saved are being forced to manually reconnect. You suspect that their IP is changing when they switch connections, and that when it does, new Security Associations (SA) for the tunnel are created. This would explain why those with their credentials saved experience minimal impact, while those without their credentials saved are forced to authenticate again manually.

Recalling that the Mobility and Multihoming protocol (MOBIKE) enables clients to continue using existing Security Associations across IP changes, you decide MOBIKE will solve the issue for the latter and reduce reconnection period for the former. Using the internet, research how to enable MOBIKE support for your IPsec tunnel in pfSense. Then, using the Workstation system, connect to the pfSense WebGUI and implement your changes.

Added by Joseph A.

Question

Please give Ace some feedback