[Openswan Users] Openswan to Cisco ASA: Encaps OK, no Decaps

Patrick Naubert patrickn at xelerance.com
Thu Jan 31 19:41:24 EST 2013

Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: <ron.johnston at rexquist.com>
Subject: Openswan to Cisco ASA: Encaps OK, no Decaps
Date: 28 January, 2013 1:01:04 PM EST
To: users at lists.openswan.org

Hi, we have recently used OpenSwan (2.6.3) to create a tunnel to a Cisco ASA.

The tunnel comes up.  From the Linux box running OpenSwan, I can see traffic initiated from the users on the Cisco side come through the tunnel and target the web server.  On the Web Server, I can see traffic come in, acknowledged, and return packets sent; the return packets do not make it back to the Linux box so they do not go through the tunnel.

If I do a wget on the linux box to the same page requested from the Cisco side user, the page is returned.


Thanks in advance.


Test 1
OpenSwan server --> Web Server --> OpenSwan server        [OK]

Test 2 (VPN Tunnel)
User --> Cisco ASA --> OpenSwan --> Web Server --> ????    [Not OK]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130131/24d4307f/attachment.html>

More information about the Users mailing list