Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPsec to Cisco ASA – not stable or good

    IPsec
    2
    3
    386
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      whitwye last edited by

      We've been running a IPsec tunnel between office and Rackspace environments for several years, using Openswan on Linux for the office end, Cisco ASAs at Rackspace.

      Tried moving the simpler of those tunnels to pfSense, using the same settings, figuring Strongswan should work as well as Openswan. So far it's a disaster. The results vary from working reasonably, to 25-75% packet loss, to total loss. I've spend hours on the phone with Rackspace techs trying to work out where the problem is. It's not at all apparent.

      I'd far rather use the pfSense Strongswan than have to stand up systems behind it to handle Openswan. And it's hard to believe Strongswan has so much apparent trouble with a Cisco. Have others seen this problem? Is there some set of protocol settings which is magic for this combo?

      1 Reply Last reply Reply Quote 0
      • B
        barnettd last edited by

        I am connecting to ASA 5505s and 5515s without any packet loss issues, but I don't pass much traffic. Maybe enable the Cisco extensions under IPsec advanced settings?

        1 Reply Last reply Reply Quote 0
        • W
          whitwye last edited by

          Thanks for the suggestion. Not the solution here, but was worth experimenting with.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post