Question

Can I use a floating IP to connect to a Cisco ASA 5545 VPN server?

Posted May 7, 2021
Networking, DigitalOcean Droplets

I need to connect to the VPN server with the strongSwan client. I have created an Ubuntu droplet, assigned a floating IP to it, and installed strongSwan. Then I gave my floating IP and private IP, with the IPsec PSK, to the VPN server side (Cisco ASA 5545 VPN server) to allow access through the VPN.

This is for sending SMPP traffic.

But I can’t access their servers through a VPN.

Can I send outbound traffic with floating IP?

1 answer

Hi @cgweeratunga,

You should be able to. Having said that, I’m not sure I understand the setup entirely.

If I got it correctly, you have a droplet with DigitalOcean which has a floating IP address which you are trying to connect to, correct? From that Droplet you wish to connect to another VPN, or am I understanding something wrong? Please let me know so that I can try and give some suggestions.

  • Thanks for the reply!
    Yes, you got it correctly.
    I can’t bring up my tunnel with the command below.

    ipsec up <tunnel name>
    

    This is my server log.

    charon: 15[IKE] sending retransmit 5 of request message ID 0, seq
    charon: 15[NET] sending packet: from 159.xx.xx.xx[500] to 125.xxx.xxx.xxx[500] (180 bytes)
    charon: 04[NET] error writing to socket: Network is unreachable
    

    I have added the floating IP (left= 159.xx.xxx.xxx) as the ipsec left side, like below.

    This is the tunnel configuration in /etc/ipsec.conf

    /etc/ipsec.conf
    
    # ipsec.conf - strongSwan IPsec configuration file
    # basic configuration
    
    config setup
        strictcrlpolicy=no
        uniqueids = yes
        charondebug = "all"
    
    
    # Add connections here.
    
    # Sample VPN connections
    
    conn sender_to_des
        left= 159.xx.xxx.xxx
        leftid = 159.xx.xxx.xxx
        leftsubnet = 10.xxx.0.0/20
        right = 125.xxx.xxx.xxx
        rightsubnet = 10.xx.xx.xx/32
        esp = aes256-sha-modp1024!
        ike = aes256-sha-modp1024!
        ikelifetime = 1h
        lifetime = 1h
        dpddelay = 30s
        dpdtimeout = 120s
        dpdaction = restart
        authby = secret
        auto = start
        keyexchange = ikev1
        type = tunnel
        closeaction = restart
        keyingtries = %forever