Topic: Intermittent traffic flow between OPnsense and Cisco ASA VPN (Read 5458 times)
tomas.morales
Intermittent traffic flow between OPnsense and Cisco ASA VPN
« on: August 12, 2016, 02:48:41 pm »
Hi all,
We are trying to introduce OPNsense in our network, so we are quite new to it.
We have managed to establish an IPSec VPN between OPNsense 16.7-amd64 and a Cisco ASA5545 running asa912-smp-k8.bin.
Our problem is that the traffic is not crossing the VPN while it is established.
For example, when pinging a machine at the other end, it takes more than 1 minute to respond, but the IPSec is fully established:
$ ping 10.132.43.117
PING 10.132.43.117 (10.132.43.117) 56(84) bytes of data.
....
64 bytes from 10.132.43.117: icmp_seq=1 ttl=63 time=68.2 ms
From the Cisco we sometimes see the below:
Total IKE SA: 5
....
4 IKE Peer: 104.255.200.142
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
5 IKE Peer: 104.255.200.142
Type : user Role : responder
Rekey : no State : MM_WAIT_MSG3
From OPNsense, it doesn't report any problem, as far as I can see. We have increased the logging for "SA Manager", "IKE SA", "IKE Child SA" and still the logs don't show anything noticeable.
Any advice for troubleshooting this problem?
Thanks
tomas
tomas.morales
Re: Intermittent traffic flow between OPnsense and Cisco ASA VPN
« Reply #1 on: August 12, 2016, 02:50:40 pm »
We have more VPNs on the Cisco ASA and they work fine.
tomas.morales
Re: Intermittent traffic flow between OPnsense and Cisco ASA VPN
« Reply #2 on: August 17, 2016, 12:07:49 pm »
It seems we fixed it.
We have to allow ESP (IP 50) and UDP (isakmp) traffic sent to the firewall itself.
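The fix from Reply #2 written out as pf rules (pf is the packet filter OPNsense is built on). This is an added example, not part of the original posts and not the poster's actual configuration. The interface name `em0` and the peer address `198.51.100.10` are constructed placeholders, and limiting the source to the VPN peer is an assumption added here; in OPNsense the equivalent rules are created on the WAN interface in the GUI.

```pf
# Constructed placeholders: substitute the real WAN interface and the
# public address of the remote IPsec gateway (the Cisco ASA in this thread).
wan_if   = "em0"
asa_peer = "198.51.100.10"

# IKE (isakmp) negotiation: UDP port 500 addressed to the firewall itself.
# Without this, the remote gateway's IKE messages to the firewall are dropped
# and only exchanges the firewall initiates can complete.
pass in quick on $wan_if inet proto udp from $asa_peer to ($wan_if) port 500 keep state

# Tunnel payload: ESP is IP protocol 50 and has no ports, so it needs its own
# rule. With IKE allowed but ESP blocked, the SA shows as established while
# inbound tunnel traffic is dropped.
pass in quick on $wan_if inet proto esp from $asa_peer to ($wan_if) keep state
```

Restricting the source to the peer address keeps the IKE and ESP listeners from being reachable by arbitrary Internet hosts.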