Beginner

ASA l2l IPSec with a openswan

Hello,

I have a problem with a site-to-site IPSec connection between an ASA and Linux (openswan).

All policies are exchanged between the peers and the tunnel is established successfully.

Traffic cannot be sent through the tunnel after 8 hours with no activity.

The sh cryp isa sa command shows that the tunnel is in the MM_Active state, but sh cryp ips sa shows that there aren't any decrypted or encrypted packets.

Then restarting the daemon on Linux or clearing all security associations on the ASA helps.

So I then forced the exchange of new keys for ISAKMP and IPsec every 3600 seconds.

I also added the command vpn-idle-timeouts none to the default group policy for this tunnel.

Now the tunnel is active for a week, but not on Monday after the weekend.

The IPSec settings on openswan are the defaults.

Has anyone met with a similar problem?

Kamil
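
Added example, not part of the original post: a small Python check for the symptom described above, where the IKE SA stays up but the IPsec packet counters stop moving. It compares two captures of `show crypto ipsec sa` taken some minutes apart; the sample text, peer addresses, counter values and the label names are constructed for illustration, and the encrypt-only, decrypt-only and counters-reset cases go beyond the stalled case in the post.

```python
import re

# Constructed samples in ASA "show crypto ipsec sa" layout; all values made up.
SNAP_T0 = """
      current_peer: 198.51.100.7
      #pkts encaps: 1500, #pkts encrypt: 1500, #pkts digest: 1500
      #pkts decaps: 1400, #pkts decrypt: 1400, #pkts verify: 1400
      current_peer: 203.0.113.9
      #pkts encaps: 10, #pkts encrypt: 10, #pkts digest: 10
      #pkts decaps: 12, #pkts decrypt: 12, #pkts verify: 12
"""
SNAP_T1 = """
      current_peer: 198.51.100.7
      #pkts encaps: 1500, #pkts encrypt: 1500, #pkts digest: 1500
      #pkts decaps: 1400, #pkts decrypt: 1400, #pkts verify: 1400
      current_peer: 203.0.113.9
      #pkts encaps: 25, #pkts encrypt: 25, #pkts digest: 25
      #pkts decaps: 12, #pkts decrypt: 12, #pkts verify: 12
"""
PEER_RE = re.compile(r"current_peer:\s*([\w.:]+)")
COUNT_RE = re.compile(r"#pkts (encrypt|decrypt):\s*(\d+)")

def parse_counters(text):
    """Return {peer: {"encrypt": n, "decrypt": n}}, summed over the peer's SAs."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            current = peers.setdefault(m.group(1), {"encrypt": 0, "decrypt": 0})
        elif current is not None:
            for name, value in COUNT_RE.findall(line):
                current[name] += int(value)
    return peers

def classify(before, after):
    """Label each peer by which counters moved between two snapshots."""
    labels = {}
    for peer, now in after.items():
        old = before.get(peer, {"encrypt": 0, "decrypt": 0})
        sent = now["encrypt"] - old["encrypt"]
        rcvd = now["decrypt"] - old["decrypt"]
        if sent < 0 or rcvd < 0:
            labels[peer] = "counters-reset"   # SA cleared or rebuilt in between
        elif sent and rcvd:
            labels[peer] = "passing-traffic"
        elif sent or rcvd:
            labels[peer] = "encrypt-only" if sent else "decrypt-only"
        else:
            labels[peer] = "stalled"          # SA up, no packets either way
    return labels
```

Calling `classify(parse_counters(SNAP_T0), parse_counters(SNAP_T1))` on the constructed samples labels the first peer as stalled and the second as encrypt-only.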

4 REPLIES 4

ASA l2l IPSec with a openswan

Hello,

I have a similar problem. The tunnel goes UP... and suddenly stops... I generate some traffic to bring it UP, but no success...

After restarting the service on the Linux box, it comes UP....

How did you solve this issue?

Thanks!

Beginner

ASA l2l IPSec with a openswan

Hi,

I can see that you tried some great options but you still have the problem.

Maybe you can collect debugs and send them to a syslog server to check why it goes to that state.

What is the ASA version used?

The remote side should do the same, btw.

Regards,

Beginner

I had a similar issue.

I had a similar issue. After enabling NAT-T on the ASA, everything works fine.

Rising star

ASA l2l IPSec with a openswan

Hello Kamil,

Did you enable IP forwarding on the Linux box?

vi /etc/sysctl.conf

#change following line from 0 to 1

net.ipv4.ip_forward = 1

# activate it:

sysctl -p

I have deployed many VPN tunnels between ASA and openswan without problems, following the article below:

https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19

Hope it helps!