4. IPsec to Cisco ASA – not stable or good

IPsec to Cisco ASA – not stable or good

  • W

    We've been running a IPsec tunnel between office and Rackspace environments for several years, using Openswan on Linux for the office end, Cisco ASAs at Rackspace.

    Tried moving the simpler of those tunnels to pfSense, using the same settings, figuring Strongswan should work as well as Openswan. So far it's a disaster. The results vary from working reasonably, to 25-75% packet loss, to total loss. I've spend hours on the phone with Rackspace techs trying to work out where the problem is. It's not at all apparent.

    I'd far rather use the pfSense Strongswan than have to stand up systems behind it to handle Openswan. And it's hard to believe Strongswan has so much apparent trouble with a Cisco. Have others seen this problem? Is there some set of protocol settings which is magic for this combo?

    0
  • B

    I am connecting to ASA 5505s and 5515s without any packet loss issues, but I don't pass much traffic. Maybe enable the Cisco extensions under IPsec advanced settings?

    0
  • W

    Thanks for the suggestion. Not the solution here, but was worth experimenting with.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy