03-25-2010, 03:28 PM   #1
Registered: Sep 2004
Posts: 86

site to site vpn racoon with cisco asa 5505 routing issues

I have three locations with a central office connected to two remote locations. At the central office I run two site-to-site VPNs on a Cisco ASA 5505. The remote end of the first site is a Checkpoint firewall, and the remote end of the second site is racoon on Debian.

Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.

For example, I can ssh from a host in the central office to a host in the first remote site (through the Checkpoint firewall), then ssh back from that host at the remote office to any host in the central office.

In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (pinging the IP address of a central office host, ssh, etc. all fail).

The VPN settings at the central office (the Cisco ASA 5505) are identical.

So it seems to me that some routing magic is missing on the host running racoon at the second remote office.

Where would such a setting reside? racoon config files? iptables?

04-02-2010, 01:26 PM   #2
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

I've personally only ever used racoon once and it was in a test environment, so I can't offer a lot of information there. You might want to review this configuration (it's BSD so not exact, but this was the same guide I used when I set it up: ). It is also possible you have an iptables issue, but we need to know more information to really be able to diagnose any existing issues: configs, logs, etc.

