Topic: Racoon and Cisco ASA  (Read 2539 times)
« on: July 09, 2010, 19:52:31 »
dave_it4mt *
Posts: 4

Hi Everybody,
I've got a problem with VPN tunnels terminating into Cisco ASA firewalls.
When m0n0Wall boots it builds the tunnels successfully but after a prolonged
idle period m0n0Wall can't reopen the tunnel unless I reboot m0n0Wall or manually
kill and restart racoon.

Log reports of the unsuccessful attempts to reopen the tunnel show that racoon
is trying to initiate a new Phase 2 negotiation but is not getting a response from the ASA:
racoon: INFO: initiate new phase 2 negotiation: <source IP><=><target IP>
racoon: ERROR: <target IP> give up to get IPsec-SA due to time up to wait.

If racoon is restarted then it begins with a new Phase 1 negotiation and the VPN builds successfully.

I've got tunnels to SonicWall, Cisco-3030 and probably others including m0n0Wall
and I've only seen this problem with Cisco ASA. Does anybody have any ideas
about what might be causing it? Any suggestions as to where to troubleshoot?

Is there any way to force racoon to initiate a new Phase 1 negotiation without
restarting it?

Thanks For Looking At This Post.
-Dave
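
The symptom in the post above (Phase 2 retried again and again, each attempt ending in "give up to get IPsec-SA", with no new Phase 1 in between) can be picked out of racoon logs per peer. This is an added example, not part of the original post: the Phase 1 message text, the optional "[port]" suffix, and all addresses and timestamps are assumptions or constructed sample data.

```python
import re
from collections import defaultdict

# The two Phase 2 messages are the ones quoted in the post. The Phase 1 message
# and the optional "[port]" suffix are assumptions about racoon's log format.
ADDRS = r"(\S+?)(?:\[\d+\])?<=>(\S+?)(?:\[\d+\])?$"
P1_INIT = re.compile(r"initiate new phase 1 negotiation: " + ADDRS)
P2_INIT = re.compile(r"initiate new phase 2 negotiation: " + ADDRS)
P2_FAIL = re.compile(r"ERROR: (\S+) give up to get IPsec-SA due to time up to wait")

def stalled_peers(lines, threshold=2):
    """Return {peer: n} for peers with n >= threshold consecutive Phase 2
    timeouts and no Phase 1 negotiation logged in between."""
    pending = set()             # peers with a Phase 2 attempt still unanswered
    streak = defaultdict(int)   # consecutive Phase 2 timeouts per peer
    for raw in lines:
        line = raw.strip()
        if m := P1_INIT.search(line):
            streak[m.group(2)] = 0          # a new Phase 1 breaks the streak
            pending.discard(m.group(2))
        elif m := P2_INIT.search(line):
            pending.add(m.group(2))
        elif (m := P2_FAIL.search(line)) and m.group(1) in pending:
            pending.discard(m.group(1))
            streak[m.group(1)] += 1
    return {peer: n for peer, n in streak.items() if n >= threshold}

# Constructed sample log (documentation addresses, not taken from the post).
SAMPLE_LOG = """\
Jul  9 08:00:01 racoon: INFO: initiate new phase 1 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Jul  9 08:00:02 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Jul  9 19:40:00 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Jul  9 19:40:30 racoon: ERROR: 198.51.100.7 give up to get IPsec-SA due to time up to wait.
Jul  9 19:41:00 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Jul  9 19:41:30 racoon: ERROR: 198.51.100.7 give up to get IPsec-SA due to time up to wait.
Jul  9 19:42:00 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1[500]<=>198.51.100.7[500]
Jul  9 19:42:30 racoon: ERROR: 198.51.100.7 give up to get IPsec-SA due to time up to wait.
Jul  9 19:43:00 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1<=>203.0.113.9
Jul  9 19:43:30 racoon: ERROR: 203.0.113.9 give up to get IPsec-SA due to time up to wait.
Jul  9 19:43:31 racoon: INFO: initiate new phase 1 negotiation: 192.0.2.1<=>203.0.113.9
Jul  9 19:43:32 racoon: INFO: initiate new phase 2 negotiation: 192.0.2.1<=>203.0.113.9
""".splitlines()

if __name__ == "__main__":
    for peer, n in stalled_peers(SAMPLE_LOG).items():
        print(f"{peer}: {n} Phase 2 timeouts with no new Phase 1")
```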
