cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4310
Views
0
Helpful
4
Replies

ASA l2l IPSec with a openswan

wkamil123
Beginner
Beginner

Hello,

I have a problem with a site-to-site IPSec connection beetwen ASA and Linux (openswan).

All policy are exchanged beetwen peers and tunnel is established succesfully.

The traffic can not send through tunnel with a no activity after 8 hours.

The sh cryp isa sa command show that tunnel is a MM_Active state  but sh cryp ips sa show that aren't any decrypt and encrypt packet's.

Then helps reset deamon on a linux or clearing all security association on ASA.

So then I forced to exchange the new keys on isakmp and ipsec at every 3600 seconds.

Also I added the commands vpn-idle-timeouts none on default-group policy to this tunnel.

Now the tunnel is active for a  week but not on Monday after the weekend.

The IPSec settings on openswan are defaults.

Does anyone met with a similar problem.

Kamil

4 Replies 4

Hello,

I have a similar problem. The tunnel goes UP... and, suddently stops... I make some traffic to come UP, but, no success...

After restart the service on the linux, it come UP....

How did you solve this issue?

Thanks!

Hi,

I can see that you tried some great options but you still have the problem

Maybe you can collect debugs and send them to a syslog server to check why it goes to that state

What is the ASA version used?

The remote side should do the same btw

Regards,

 I had similar issue. After enabling NAT-T in asa, everything works fine. 

husycisco
Rising star
Rising star

Hello Kamil,

Did you enable ip forwarding on linux box?

vi /etc/sysctl.conf

#change following line from 0 to 1

net.ipv4.ip_forward = 1

# activate it:

sysctl -p

I have deployed many VPN tunnels between ASA and openswan without problems following the article below

https://community.opsourcecloud.net/View.jsp?procId=9efb7ca88925381eec45279a2828da19

Hope it helps!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: