04-10-2019 04:02 PM
My configuration was working with Site to Site VPN with IKEv1 using PSK. I created certificates and the connections are working. I can see some good debugging on the other side because it is Strongswan on a Linux host. It shows everything is connected correctly. I can see data leaving the ASA 5506-X but nothing returns. It is the same on the other side.
Just wondering if there is an oddity with certificate-based that can cause issues.
04-10-2019 08:14 PM
If the data is leaving the 5506 and nothing is returning then that suggests the issue is the other end.
04-10-2019 08:42 PM
Both ends are having the same problem. Data goes out but nothing comes in.
04-10-2019 08:44 PM
I had the same problem when I set up the PSK. It was missing NAT entries, but those entries are still active.
04-12-2019 01:58 PM
You may want to verify your configuration against this configuration guide, see link https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110221-asavpnclient-ca.html#step4.
If you believe your configuration is correct, double check your certificate and CA certificate. If you do a debug on your ASA when performing the test, it may give you a hint where the step is missing or incorrect.
04-15-2019 01:01 PM
The other end had a firewall issue. It is working.