Cisco ASA dropping IPsec VPN between istself and CentOS server

Posted by sebelk on Server Fault See other posts from Server Fault or by sebelk
Published on 2012-08-24T16:01:22Z Indexed on 2012/09/11 21:40 UTC
Read the original article Hit count: 347

Filed under:
|
|
|

Currently we're trying to set up an IPsec VPN between a Cisco ASA Version 8.0(4) and a CentOS Linux server.

The tunnel comes up successfully, but for some reason that we can't figure out, the firewall is dropping packets from the VPN.

The IPsec settings in the ASA sre as follows:

crypto ipsec transform-set up-transform-set esp-3des esp-md5-hmac

crypto ipsec transform-set up-transform-set2 esp-3des esp-sha-hmac

crypto ipsec transform-set up-transform-set3 esp-aes esp-md5-hmac

crypto ipsec transform-set up-transform-set4 esp-aes esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map linuxserver 10 match address filtro-encrypt-linuxserver


crypto map linuxserver 10 set peer linuxserver

crypto map linuxserver 10 set transform-set up-transform-set2 up-transform-set3 up-transform-set4

crypto map linuxserver 10 set security-association lifetime seconds 28800

crypto map linuxserver 10 set security-association lifetime kilobytes 4608000

crypto map linuxserver interface outside

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption aes

hash sha

group 2

lifetime 28800

crypto isakmp policy 2

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

crypto isakmp policy 3

authentication pre-share

encryption aes-256

hash md5

group 2

lifetime 86400

crypto isakmp policy 4

authentication pre-share

encryption aes-192

hash sha

group 2

lifetime 86400

crypto isakmp policy 5

authentication pre-share

encryption aes-192

hash md5

group 2

group-policy linuxserverip internal

group-policy linuxserverip attributes

vpn-filter value filtro-linuxserverip

tunnel-group linuxserverip type ipsec-l2l

tunnel-group linuxserverip general-attributes

default-group-policy linuxserverip

tunnel-group linuxserverip ipsec-attributes

pre-shared-key *

Does anyone know where the problem is and how to fix it?

© Server Fault or respective owner

Related posts about vpn

Related posts about cisco