LinuxQuestions.org


wastingtime 03-25-2010 03:28 PM

site to site vpn racoon with cisco asa 5505 routing issues
 
I have three locations with a central office connected to two remote locations. At the central office I run two site-to-site VPNs on a Cisco ASA 5505. The remote end of the first site is a Checkpoint firewall, and the remote end of the second site is racoon on Debian.

Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.

For example, I can ssh from a host in the central office to a host in the first remote site (through the Checkpoint firewall), then ssh back from that host at the remote office to any host in the central office.

In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (pinging the IP address of a central office host, ssh, etc. all fail).

The VPN settings at the central office (the Cisco ASA 5505) are identical.

So it seems to me that some routing magic is missing on the host running racoon at the second remote office.

Where would such a setting reside? racoon config files? iptables?

rweaver 04-02-2010 01:26 PM

I've personally only ever used racoon once, and it was in a test environment, so I can't offer a lot of information there. You might want to review this configuration (it's BSD so not exact, but this was the same guide I used when I set it up: http://www.bsdguides.org/guides/free...ng/vpn_pix.php ). It is also possible you have an iptables issue, but we need to know more information to really be able to diagnose any existing issues: configs, logs, etc.

