ASA l2l IPSec with a openswan

wkamil123
Level 1

Hello,

I have a problem with a site-to-site IPSec connection between an ASA and Linux (openswan).

All policies are exchanged between the peers and the tunnel is established successfully.

Traffic cannot be sent through the tunnel after 8 hours with no activity.

The sh cryp isa sa command shows that the tunnel is in the MM_Active state, but sh cryp ips sa shows that there aren't any decrypt and encrypt packets.

Then restarting the daemon on Linux or clearing all security associations on the ASA helps.

So then I forced a new key exchange on isakmp and ipsec every 3600 seconds.

Also I added the command vpn-idle-timeout none on the default group policy for this tunnel.

Now the tunnel is active for a week, but not on Monday after the weekend.

The IPSec settings on openswan are the defaults.

Has anyone met with a similar problem?

Kamil

4 Replies

Hello,

I have a similar problem. The tunnel goes UP... and suddenly stops... I generate some traffic to make it come UP, but no success...

After restarting the service on the Linux box, it comes UP....

How did you solve this issue?

Thanks!

Hi,

I can see that you tried some great options but you still have the problem.

Maybe you can collect debugs and send them to a syslog server to check why it goes to that state.

What is the ASA version used?

The remote side should do the same, btw.

Regards,

I had a similar issue. After enabling NAT-T on the ASA, everything works fine.

husycisco
Level 7

Hello Kamil,

Did you enable IP forwarding on the Linux box?

vi /etc/sysctl.conf

# change the following line from 0 to 1

net.ipv4.ip_forward = 1

# activate it:

sysctl -p

I have deployed many VPN tunnels between ASA and openswan without problems following the article below.

https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19

Hope it helps!
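Two checks for the Linux/openswan side that follow from this thread, as an added shell example that is not code from any of the posts: whether the ip_forward sysctl from the reply above is actually in effect, and whether an IPsec SA that the kernel reports as installed has carried zero packets (the "tunnel up but no encrypt/decrypt" condition the original post describes). The `ip -s xfrm state` sample is constructed with documentation addresses and made-up SPIs.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for the openswan peer of an
# ASA <-> Linux tunnel that is MM_ACTIVE but shows no encrypt/decrypt counters.

# ip_forward_enabled [FILE]: returns 0 if the kernel forwards IPv4, i.e. the
# sysctl the reply above sets. FILE defaults to the live /proc entry; a path
# argument lets a saved copy be checked instead.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# sa_packet_counts: reads `ip -s xfrm state` output on stdin and prints one
# line per SA as "<src> <dst> <spi> <packets>", using the "lifetime current"
# counter, which is the Linux equivalent of the ASA's #pkts encaps/decaps.
sa_packet_counts() {
    awk '
        /^src /               { src = $2; dst = $4 }
        /^[ \t]*proto esp/    { spi = $4 }
        /lifetime current:/   { want = 1; next }
        want && /\(packets\)/ {
            pk = $2; sub(/\(packets\).*/, "", pk)
            print src, dst, spi, pk; want = 0
        }'
}

# idle_sas: SAs that are installed but have never carried a packet. On a
# tunnel the peer reports as up, this is the symptom the original post saw.
idle_sas() {
    sa_packet_counts | awk '$4 == 0 { print $1, $2, $3 }'
}

# sample_xfrm_state: constructed sample in the layout of `ip -s xfrm state`
# (addresses and SPIs are made up): one SA carrying traffic, one carrying none.
sample_xfrm_state() {
    cat <<'EOF'
src 192.0.2.1 dst 198.51.100.1
    proto esp spi 0x0a1b2c3d reqid 16385 mode tunnel
    lifetime current:
      84320(bytes), 412(packets)
src 198.51.100.1 dst 192.0.2.1
    proto esp spi 0x0d3c2b1a reqid 16385 mode tunnel
    lifetime current:
      0(bytes), 0(packets)
EOF
}
```

On a live box, `ip -s xfrm state | idle_sas` run from cron after the idle period is a cheap way to catch the stale-SA state before Monday morning.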