4. IPsec to Cisco ASA – not stable or good

IPsec to Cisco ASA – not stable or good

  • W

    We've been running a IPsec tunnel between office and Rackspace environments for several years, using Openswan on Linux for the office end, Cisco ASAs at Rackspace.

    Tried moving the simpler of those tunnels to pfSense, using the same settings, figuring Strongswan should work as well as Openswan. So far it's a disaster. The results vary from working reasonably, to 25-75% packet loss, to total loss. I've spend hours on the phone with Rackspace techs trying to work out where the problem is. It's not at all apparent.

    I'd far rather use the pfSense Strongswan than have to stand up systems behind it to handle Openswan. And it's hard to believe Strongswan has so much apparent trouble with a Cisco. Have others seen this problem? Is there some set of protocol settings which is magic for this combo?

    0
  • B

    I am connecting to ASA 5505s and 5515s without any packet loss issues, but I don't pass much traffic. Maybe enable the Cisco extensions under IPsec advanced settings?

    0
  • W

    Thanks for the suggestion. Not the solution here, but was worth experimenting with.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy