LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Remote Access VPN with Racoon to Cisco ASA
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-16-2008, 08:12 PM   #1
kuksi
LQ Newbie
 
Registered: Jul 2008
Posts: 1

Rep: Reputation: 0
Remote Access VPN with Racoon to Cisco ASA

Hi there,

I would like to implement a remote access VPN with Racoon to Cisco ASA using certificate.
It works fine now so the following steps have already implemented successfully:
- Phase 1 is completed with success
- Phase 2 is completed with success

but

When I try to send packets from the Linux client using racoon I got the following errors on Cisco ASA:

Jul 15 16:31:22 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 15 16:31:22 [IKEv1]: IKE Initiator unable to find policy: Intf inside, Src: INTERNAL_DEST, Dst: LINUX_SRC

So the incoming traffic should be OK from racoon to ASA because it matched to my crypto map configuration on the ASA but from some reason the answer packets are denied by the ASA.
I could debug the VPN process on the ASA and I can see all automatically and temporary generated VPN access list. So it seems everything is fine but I have this problem with the answer packets.

I haven't find any documentation for this solution but I don't think I'm the only person who wanted to implement this.

Any idea?

Regards

kuksi
 
Old 07-19-2008, 12:27 AM   #2
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
Extra Info:

racoon as the client: configuration example
http://www.netbsd.org/docs/network/i...ml#client_conf

ACCESS LISTS && TEST AND TROUBLESHOOTING
http://openskill.info/infobox.php?ID=1291
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create a site2site with OpenSwan and Cisco ASA 5510 OdinnBurkni Linux - Security 17 05-01-2016 03:52 AM
Cisco VPN - access problem exitsfunnel Linux - Networking 6 10-10-2007 02:03 AM
racoon as a server to Cisco VPN client etzvetanov Linux - Networking 0 02-01-2007 07:08 AM
Cisco vpn client user access dclark Linux - Networking 4 02-08-2006 09:22 PM
Cisco VPN access from Slackware hayesben Slackware 4 12-17-2004 07:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:56 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration