Strongswan VPN Established but no Packets Routed

routing cisco-asa strongswan

Solution 1:

Sorry to necropost on the topic, there's just not much info out there in one place on this particular configuration in terms of troubleshooting.

My config:

  • AWS: Strongswan 5.1.3
  • Corp: Cisco ASA5520 8.4(4)1

Symptoms:

  1. Could initiate tunnel and ping from Cisco ASA private LAN to AWS private LAN always.

  2. On tunnel timeout/restart I could not initiate or ping from AWS to Cisco ASA unless/until traffic was generated from Cisco ASA side. IPSEC STATUSALL revealed

    Tasks active: MODE_CONFIG
Tasks queued: QUICK_MODE

I found that with modeconfig=push and leftsourceip= both configured, it got stuck at:

Tasks active: MODE_CONFIG
Tasks queued: QUICK_MODE

Removing modeconfig=push left it stuck at:

Tasks active: MODE_CONFIG

Removing leftsourceip= did the trick and everything was up and stable both ways.

I take it those two are needed by PIX an maybe some older version of ASA but not this one.

Related

Nginx $http_x_forwarded_for not always being set
How to accept EULAs for Software updates deployed through SCCM using Powershell
Openvpn routing for lan to lan through tun
Is it possible to receive inbound emails using Mandrill?
Requests are never queued after pm.max_children with Nginx and PHP-FPM
How to enable certain SSL cipher while having disabled the group?
Why do things break when using DFS/Folder Redirection?
Getting 503 error from Varnish but varnishlog doesn't tell much
How to simulate SSL client failing handshake?
OpenVPN allow two clients to connect to each other without using client-to-client globally
APK signing error : Failed to read key from keystore
How to find file accessed/created just few minutes ago