09-30-2011 07:55 AM - edited 02-21-2020 05:37 PM
Hello,
I have a problem with a site-to-site IPSec connection between an ASA and Linux (openswan).
All policies are exchanged between the peers and the tunnel is established successfully.
Traffic cannot be sent through the tunnel after 8 hours with no activity.
The sh cryp isa sa command shows that the tunnel is in the MM_Active state, but sh cryp ips sa shows that there aren't any decrypted or encrypted packets.
What helps then is resetting the daemon on the Linux side or clearing all security associations on the ASA.
So I then forced the exchange of new keys for isakmp and ipsec every 3600 seconds.
I also added the command vpn-idle-timeouts none to the default group policy for this tunnel.
Now the tunnel stays active for a week, but not on Monday after the weekend.
The IPSec settings on openswan are the defaults.
Has anyone met with a similar problem?
Kamil
10-24-2013 12:35 PM
Hello,
I have a similar problem. The tunnel goes UP... and suddenly stops... I generate some traffic to bring it UP, but no success...
After restarting the service on the Linux box, it comes UP....
How did you solve this issue?
Thanks!
10-24-2013 01:09 PM
Hi,
I can see that you tried some great options but you still have the problem.
Maybe you can collect debugs and send them to a syslog server to check why it goes to that state.
What is the ASA version used?
The remote side should do the same, btw.
Regards,
12-20-2016 11:43 PM
I had a similar issue. After enabling NAT-T on the ASA, everything works fine.
10-24-2013 05:34 PM
Hello Kamil,
Did you enable IP forwarding on the Linux box?
vi /etc/sysctl.conf
#change following line from 0 to 1
net.ipv4.ip_forward = 1
# activate it:
sysctl -p
I have deployed many VPN tunnels between ASA and openswan without problems, following the article below:
https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19
Hope it helps!
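The symptom discussed in this thread (phase 1 reported as MM_ACTIVE while the IPsec packet counters stay flat) can be checked automatically by comparing two counter snapshots taken around a burst of test traffic. The script below is an added example, not part of any post above; the sample output is constructed in the usual layout of the two ASA show commands, and the peer addresses and function names are assumptions.

```python
import re

# Constructed sample output (documentation addresses, not from the thread).
ISAKMP = """\
1   IKE Peer: 198.51.100.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: 198.51.100.9
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
"""
SA = """\
      current_peer: {peer}
      #pkts encaps: {e}, #pkts encrypt: {e}, #pkts digest: {e}
      #pkts decaps: {d}, #pkts decrypt: {d}, #pkts verify: {d}
"""
# Snapshots before and after sending test traffic towards both peers.
IPSEC_T0 = SA.format(peer="198.51.100.2", e=120, d=98) + SA.format(peer="198.51.100.9", e=40, d=35)
IPSEC_T1 = SA.format(peer="198.51.100.2", e=131, d=98) + SA.format(peer="198.51.100.9", e=52, d=47)

def isakmp_states(text):
    """Map IKE peer -> phase 1 state from 'show crypto isakmp sa' text."""
    states, peer = {}, None
    for line in text.splitlines():
        if m := re.search(r"IKE Peer:\s*(\S+)", line):
            peer = m.group(1)
        elif (m := re.search(r"State\s*:\s*(\S+)", line)) and peer:
            states[peer] = m.group(1)
    return states

def ipsec_counters(text):
    """Map peer -> [encrypt, decrypt], summed over all of that peer's SAs."""
    totals, peer = {}, None
    for line in text.splitlines():
        if m := re.search(r"current_peer:\s*([\d.]+)", line):
            peer = m.group(1)
            totals.setdefault(peer, [0, 0])
        elif peer:
            for i, key in enumerate(("encrypt", "decrypt")):
                if m := re.search(rf"#pkts {key}:\s*(\d+)", line):
                    totals[peer][i] += int(m.group(1))
    return totals

def stalled_peers(isakmp, before, after):
    """Peers with phase 1 MM_ACTIVE whose encrypt or decrypt count did not advance."""
    t0, t1 = ipsec_counters(before), ipsec_counters(after)
    active = [p for p, s in isakmp_states(isakmp).items() if s == "MM_ACTIVE"]
    return [p for p in active
            if t1.get(p, [0, 0])[0] <= t0.get(p, [0, 0])[0]
            or t1.get(p, [0, 0])[1] <= t0.get(p, [0, 0])[1]]

print(stalled_peers(ISAKMP, IPSEC_T0, IPSEC_T1))
```

The result only means something if traffic was actually sent between the two snapshots, since an idle but healthy tunnel also shows flat counters.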