[strongSwan] remote access tunnels: strongSwan (initiator) <--> CISCO ASA

Noel Kuntze noel at familie-kuntze.de
Fri Mar 10 23:01:50 CET 2017


> My first/immediate problem is that if I do not name the tunnel-group
> "192.168.0.207" (the IP of the tunnel initiator host) I can't get the tunnel up.
> I'd like to be able to have different tunnel-group names (like: "tunnel-group
> marketing", "tunnel-group economy", etc.) and not something like
> "tunnel-group 192.168.0.207" because this is silly. Plus I can't know
> beforehand what IP-addresses my roaming clients are going to have in a
> real-world scenario.

Take this up with CISCO and look for help regarding that elsewhere.
This is probably not the right ML for that.

 
> The second issue I have is that when I manage to get the tunnel established
> (by having "tunnel-group 192.168.0.207" on ASA) I still can't get traffic
> through the tunnel (for example ping the PC from the Debian testing host).

Check if the ASA gets and processes the packets.
Also check if the packets make it onto the LAN behind the ASA.
Also check the return path.

 
> I am providing logs, config files and network captures for my two test cases
> in the attached tarball.
> 
> Any help/hint about what I am doing wrong or missing is greatly appreciated!
> 
> Oh, one more thing: is there any convenient way to do online searches in
> the mailing list archive?

> https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

"Search the mailing list using google and google search syntax (use the site:
keyword in the search request for google to specify the site that google should
print results for. E.g. site:strongswan.org NO_PROP_CHOSEN)"


> 
> ---
> Sorin

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170310/93a1fe04/attachment.sig>


More information about the Users mailing list