So... I've been diagnosing this problem with IPSEC on FreeBSD interoperating against both a Cisco ASA and a set of FreeS/WAN clients. The configuration is that dozens of FreeS/WAN clients connect to the FreeBSD IPSEC gateway --- FreeBSD uses Racoon to authenticate and exchange keys with them. This appears to work fine.
The FreeBSD IPSEC stack is then also talking to a remote Cisco ASA with "unique" tunnels for 5 destination hosts. This is working poorly. The issue is: FreeBSD sees the rekey request as failing (so it continues to use the old tunnel) and the ASA "seems" to see it succeeding (it starts using a new tunnel after the rekey). I'm a little bit at wit's end because we've tried to ask the Cisco to not rekey (and just reset everything during a daily downtime), but the Cisco seems to insist on rekeying the tunnels. Has anyone encountered anything like this?

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"