I have posted this same question on "Unix & Linux" but I've got no answer and will delete it from there, but I'll try here too. I need to solve this as soon as possible, or at least find out what the problem is. I have already configured a similar scenario and it works perfectly, but for this one I can't find why it is not working as it should. Sometimes I have 40% packet loss and sometimes I have 5% ...
I have configured IPSec tunnels with Openswan and Cisco ASA. I have established a connection and the ping was fine, but after some time there are request timeouts from both sites. I don't have ASA access, but it's the default IPSec configuration. These are the Openswan conf parameters:
#Define your IKE policy
authby=secret
keyingtries=0
pfs=no
ike=3des-sha1;modp1024
ikelifetime="28800"
dpddelay=0
dpdtimeout=0
dpdaction=clear
#Define IPSec Policy
phase2=esp
phase2alg=3des-sha1
ikev2=no
keyexchange=ike
rekey=no
forceencaps=no
keylife="28800"
I have found this in the "/var/log/secure" logs:
received Delete SA(0x937bbc29) payload: deleting IPSEC State #5
received and ignored informational message
received Delete SA(0x55f62168) payload: deleting IPSEC State #8
received and ignored informational message
Also, I would like to add some more logging/debugging so I can have more info, but I can't find any good example or doc on how to.
And I have the following doc on Phase 1 and 2:
Encryption Algorithm 3DES
Hash Algorithm SHA1
Authentication method Preshare
Diffie Hellman Group Group 2
Lifetime (Key) 28800
Use NAT traversal No
Use PFS No
Encapsulation ESP
Encryption Algorithm 3DES
Hash Algorithm SHA1
Lifetime (Key) 28800
Any solution or hints or some parameters that I'm missing?
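
Added example, not part of the original post: a small check that normalises the Openswan options quoted above and compares them field by field with the peer's Phase 1 / Phase 2 sheet, so a proposal mismatch can be ruled in or out. The function names and the `PEER_SHEET` layout are hypothetical, and it assumes the first Encryption/Hash/Lifetime rows of the sheet are Phase 1 and the second set Phase 2.

```python
# Sample values constructed from the post: the Openswan options and the peer's
# parameter sheet (assumed: first Encryption/Hash/Lifetime rows are Phase 1).
OPENSWAN_CONN = """\
authby=secret
pfs=no
ike=3des-sha1;modp1024
ikelifetime="28800"
phase2=esp
phase2alg=3des-sha1
keylife="28800"
"""
PEER_SHEET = {
    "p1_enc": "3des", "p1_hash": "sha1", "auth": "preshare", "dh_group": 2,
    "p1_life": 28800, "pfs": False, "encap": "esp",
    "p2_enc": "3des", "p2_hash": "sha1", "p2_life": 28800,
}
# IKE Diffie-Hellman group numbers for the modp names used in ike=
MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}

def parse_conn(text):
    """Return key=value options, ignoring comments and surrounding quotes."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def local_view(conf):
    """Normalise the Openswan options into the same fields as PEER_SHEET."""
    p1_algs, _, p1_group = conf["ike"].partition(";")
    p1_enc, p1_hash = p1_algs.split("-")[:2]
    p2_enc, p2_hash = conf["phase2alg"].split(";")[0].split("-")[:2]
    return {
        "p1_enc": p1_enc, "p1_hash": p1_hash,
        "auth": "preshare" if conf["authby"] == "secret" else conf["authby"],
        "dh_group": MODP_TO_GROUP.get(p1_group),
        "p1_life": int(conf["ikelifetime"].rstrip("s")),
        "pfs": conf["pfs"] == "yes", "encap": conf["phase2"],
        "p2_enc": p2_enc, "p2_hash": p2_hash,
        "p2_life": int(conf["keylife"].rstrip("s")),
    }

def mismatches(conn_text, peer=PEER_SHEET):
    """List (field, local, peer) for every parameter the two sides disagree on."""
    local = local_view(parse_conn(conn_text))
    return [(k, local[k], v) for k, v in peer.items() if local[k] != v]
```

For the values in the post, `mismatches(OPENSWAN_CONN)` returns an empty list: the proposal and lifetimes agree with the peer sheet on every field compared.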