Good evening all,

I am testing Strongswan <-> Cisco interop on our device. The issue seems to be 
on Cisco side. All the same, would like to ask the question here as someone may 
have faced a similar issue.

Any inputs would be highly appreciated.

Issue: Tunnel is established and child SA is installed. Strongswan is pushing 
packets nicely into the tunnel. The Cisco router all the same is not pushing the 
interesting traffic into the tunnel.

Some data points:
Tunnel is up:
root@t1024rdb:/usr/local/etc# ipsec status m1
Security Associations (1 up, 0 connecting):
          m1[1]: ESTABLISHED 3 seconds ago, 172.16.31.1[172.16.31.1]...172.16.21.1[172.16.21.1]
          m1{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c31e9466_i ca4d6288_o
          m1{1}:   192.168.9.0/24 === 10.10.9.0/24

On CISCO side:
If I use SRC ping, traffic is pushed in tunnel:
Switch#ping  192.168.9.1 source 10.10.9.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.9.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms
Switch#

Problem: A device on the CISCO side 10.10.9 network cannot reach 192.168.9 
(Strongswan side) nwk. Its GW is Cisco. So when Cisco gets the icmp req:

10.10.10.9.3 -> 192.168.9.3

It arps using for the IP instead of pushing into tunnel.

Have seen a lot of posts with this problem but none of the solutions is working 
for me.

If anyone out here has faced this issue, your feedback would be very much 
appreciated.



Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
Website: www.iS5Com.com

 