I have a problem with a site-to-site IPSec connection between an ASA and Linux (openswan).
All policies are exchanged between the peers and the tunnel is established successfully.
Traffic cannot be sent through the tunnel after 8 hours with no activity.
The sh cryp isa sa command shows that the tunnel is in the MM_Active state, but sh cryp ips sa shows that there aren't any decrypted or encrypted packets.
Then it helps to reset the daemon on Linux or to clear all security associations on the ASA.
So then I forced the exchange of new keys for isakmp and ipsec every 3600 seconds.
Also I added the command vpn-idle-timeouts none to the default-group policy for this tunnel.
Now the tunnel is active for a week, but not on Monday after the weekend.
The IPSec settings on openswan are the defaults.
Has anyone met with a similar problem?
I have a similar problem. The tunnel goes UP... and suddenly stops... I generate some traffic to bring it UP, but no success...
After restarting the service on Linux, it comes UP....
How did you solve this issue?
I can see that you tried some great options but you still have the problem.
Maybe you can collect debugs and send them to a syslog server to check why it goes to that state.
What is the ASA version used?
The remote side should do the same btw
I had a similar issue. After enabling NAT-T on the ASA, everything works fine.
Did you enable IP forwarding on the Linux box?
#change following line from 0 to 1
net.ipv4.ip_forward = 1
# activate it:
I have deployed many VPN tunnels between ASA and openswan without problems following the article below
Hope it helps!