site to site vpn racoon with cisco asa 5505 routing issues
I have three locations: a central office connected to two remote locations. At the central office I run two site-to-site VPNs on a Cisco ASA 5505. The remote end of the first site is a Checkpoint firewall, and the remote end of the second site is racoon on Debian.
Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.
For example, I can ssh from a host in the central office to a host in the first remote site (through the Checkpoint firewall), then ssh back from that host at the remote office to any host in the central office.
In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (pinging the IP address of a central office host, ssh, etc. all fail).
The VPN settings at the central office (the Cisco ASA 5505) are identical for both tunnels.
So it seems to me that some routing magic is missing on the host running racoon at the second remote office.
Where would such a setting reside? racoon config files? iptables?
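One thing worth checking on the Debian/racoon side is the kernel security policy database (SPD) that ipsec-tools installs with `setkey`: traffic is only sent through the tunnel in a direction that has a policy, so a missing policy shows up as exactly this kind of one-way connectivity. The script below is an added example, not from the post or from ipsec-tools: it parses `setkey -DP` output and reports any selector pair that has an `out` policy without a matching `in` policy for the reverse pair; the dump it runs on is constructed with RFC 5737 documentation addresses, not the poster's networks.

```python
import re
from collections import defaultdict

# Constructed `setkey -DP` dump (not from the post). The tunnel to the
# central office has an 'out' policy but no 'in' policy for the reverse
# selector, so inbound traffic from the central office is not matched.
SAMPLE_SPD = """\
192.168.20.0/24[any] 10.0.0.0/24[any] any
\tout ipsec
\tesp/tunnel/198.51.100.1-203.0.113.2/require
\tspid=1 seq=1 pid=1234
\trefcnt=1
10.0.0.0/24[any] 192.168.20.0/24[any] any
\tfwd ipsec
\tesp/tunnel/203.0.113.2-198.51.100.1/require
\tspid=2 seq=0 pid=1234
\trefcnt=1
"""

# First line of each entry: "<src>[port] <dst>[port] <proto>"
SELECTOR = re.compile(r"^(\S+)\[\S+\]\s+(\S+)\[\S+\]\s+(\S+)$")
# Second line: "<direction> <action>", e.g. "out ipsec"
DIRECTION = re.compile(r"^\s+(in|out|fwd)\s+(ipsec|discard|none)")


def parse_spd(text):
    """Map (src, dst) selector pairs to the set of directions with an ipsec policy."""
    policies = defaultdict(set)
    current = None
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = DIRECTION.match(line)
        if m and current and m.group(2) == "ipsec":
            policies[current].add(m.group(1))
    return dict(policies)


def missing_return_policies(policies):
    """For every 'out' policy, return reverse pairs (dst, src) that lack an 'in' policy."""
    missing = []
    for (src, dst), dirs in policies.items():
        if "out" in dirs and "in" not in policies.get((dst, src), set()):
            missing.append((dst, src))
    return sorted(missing)


if __name__ == "__main__":
    for src, dst in missing_return_policies(parse_spd(SAMPLE_SPD)):
        print("no 'in' policy for %s -> %s" % (src, dst))
```

On a live host, feed it the real dump (`setkey -DP`) instead of the constructed sample; a reported pair means replies from that subnet arrive outside the tunnel policy and are handled as plain routing and iptables decide.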