Tuesday, September 24, 2024

Re: ipsecctl -s & no traffic flow across enc0

Please forgive the previous correspondence's typos. I noticed that I
emailed out the version that had not been proofed. Please note the
details below.

When running the following command on OpenBSD 7.5-stable

#ipsecctl -s all -vv

under the subheading for one of the tunnels, our team receives the
following entry:

counter:
....
608 packets dropped on input
...

We were curious to know what could possibly be the source/cause of these
packets being dropped, and more specifically who/what is dropping these
packets, i.e. what is the source of this data value?

The circumstances driving this inquiry are that our team has an IKEv2 VPN
connection where the tunnel between two sites is always successfully
established (at least this is the feedback from all of our ipsecctl -s
all inquiries), but traffic flow across the enc0 interface occurs very
intermittently and sometimes not at all. The remote end of the tunnel
is operating across a Cisco ASA 5550 appliance.

We have perused our pf.conf file in an attempt to determine if a
particular rule set may be prohibiting the network traffic flow, but at
the present time the only enc0-related pf rule states

- pass on enc0

Again, at times traffic will flow across enc0 flawlessly, but in those
circumstances, after the ikelifetime (IKE SA expiration) expires, the IPsec
link will be re-established but traffic will cease to flow across enc0.

Another group manages the Cisco ASA 5550 and we are first looking into
any issues on our side of the link that may be responsible for the
current set of technical challenges.

Any suggestions on approaches to further troubleshooting this issue are
appreciated.

Thank you much.

-------
Boyd Stephens
I85Cyber.org
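The counter quoted in the message above is reported per SA by ipsecctl. As an added example, not part of the original message and not OpenBSD's own tooling, the shell helpers below extract the "packets dropped on input" value for every SA from two saved captures of `ipsecctl -s all -vv` (one taken before and one after the IKE SA lifetime expires) and report which SAs' counters grew, and which SAs exist only in the second capture (for instance because a rekey installed new SPIs). This is one way to check whether the drops the poster sees line up with the rekey. The function names, the assumption that each SA block starts with a non-indented description line, and the sample captures are all assumptions; only the wording "packets dropped on input" is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): compare the per-SA
# "packets dropped on input" counter between two captures of
# `ipsecctl -s all -vv`.
# Assumptions (not confirmed by the post): each SA block begins with a
# non-indented line describing the SA, and its counters follow, indented,
# one of them reading "<n> packets dropped on input" (the wording quoted
# in the post).

# Usage: ipsec_drop_counters [file]   (reads stdin when no file is given)
# Emits one "<sa description><TAB><dropped-on-input>" line per SA.
ipsec_drop_counters() {
    awk '
        /^[^[:space:]]/ { sa = $0 }                 # non-indented: start of an SA block
        /packets dropped on input/ { print sa "\t" $1 }
    ' "$@"
}

# Usage: ipsec_drop_delta before.txt after.txt
# Prints SAs whose input-drop counter grew between the captures (with the
# increase) and SAs that appear only in the second capture, so a fresh SPI
# installed by a rekey is not mistaken for a stable SA with a reset counter.
ipsec_drop_delta() {
    b=$(mktemp) || return 1
    a=$(mktemp) || return 1
    ipsec_drop_counters "$1" > "$b"
    ipsec_drop_counters "$2" > "$a"
    awk -F'\t' '
        NR == FNR        { before[$1] = $2; next }             # first file: remember counts
        !($1 in before)  { printf "%s\tnew SA in second capture\n", $1; next }
        $2 > before[$1]  { printf "%s\t+%d\n", $1, $2 - before[$1] }
    ' "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample captures (hypothetical addresses and SPIs; indentation
# and the other counter lines are illustrative, not real ipsecctl output).
sample_before() {
cat <<'EOF'
esp tunnel from 192.0.2.1 to 198.51.100.1 spi 0x00000001
    counter:
        ....
        12 packets dropped on input
esp tunnel from 198.51.100.1 to 192.0.2.1 spi 0x00000002
    counter:
        ....
        488 packets dropped on input
EOF
}

sample_after() {
cat <<'EOF'
esp tunnel from 192.0.2.1 to 198.51.100.1 spi 0x00000001
    counter:
        ....
        12 packets dropped on input
esp tunnel from 198.51.100.1 to 192.0.2.1 spi 0x00000002
    counter:
        ....
        608 packets dropped on input
esp tunnel from 192.0.2.1 to 198.51.100.1 spi 0x00000003
    counter:
        ....
        3 packets dropped on input
EOF
}

# Demo on the constructed samples. In real use, replace the samples with
# `ipsecctl -s all -vv > before.txt` taken while traffic flows and a second
# capture taken after the IKE SA has been re-established.
demo_before=$(mktemp) && demo_after=$(mktemp) && {
    sample_before > "$demo_before"
    sample_after  > "$demo_after"
    ipsec_drop_delta "$demo_before" "$demo_after"
    rm -f "$demo_before" "$demo_after"
}
```

Run the two captures a few minutes apart on the OpenBSD side; an SA whose drop counter keeps climbing while its sibling direction stays flat points at inbound packets being discarded for that SA, whereas a set of SAs that only exist in the second capture tells you the rekey replaced the SPIs and the comparison must be made against the new ones.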
