LinuxQuestions.org


kuksi 07-16-2008 08:12 PM

Remote Access VPN with Racoon to Cisco ASA
 
Hi there,

I would like to implement a remote access VPN with Racoon to a Cisco ASA using certificates.
It works fine now, so the following steps have already been implemented successfully:
- Phase 1 is completed with success
- Phase 2 is completed with success

but

When I try to send packets from the Linux client using racoon, I get the following errors on the Cisco ASA:

Jul 15 16:31:22 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 15 16:31:22 [IKEv1]: IKE Initiator unable to find policy: Intf inside, Src: INTERNAL_DEST, Dst: LINUX_SRC

So the incoming traffic from racoon to the ASA should be OK, because it matches my crypto map configuration on the ASA, but for some reason the answer packets are denied by the ASA.
I could debug the VPN process on the ASA and I can see all the automatically and temporarily generated VPN access lists. So it seems everything is fine, but I have this problem with the answer packets.

I haven't found any documentation for this solution, but I don't think I'm the only person who wanted to implement this.

Any idea?

Regards

kuksi

internetSurfer 07-19-2008 12:27 AM

Extra Info:

racoon as the client: configuration example
http://www.netbsd.org/docs/network/i...ml#client_conf

ACCESS LISTS && TEST AND TROUBLESHOOTING
http://openskill.info/infobox.php?ID=1291

