[TriLUG] OpenBSD VPN doesn't initiate VPN to Cisco ASA

Chris Bullock cgbullock at yahoo.com
Tue Dec 8 22:21:13 EST 2009


We have many tunnels (about 50) and for some reason I just set up a tunnel with a Cisco ASA and we cannot initiate the connection from the OpenBSD side. If the Cisco side pings a device on the OpenBSD side the tunnel comes up. On the Cisco side they have bidirectional enabled, and they are not seeing the OpenBSD try to initiate the tunnel. Running tcpdump I have confirmed that we are not trying to connect. I asked the OpenBSD guys and the only response is that for some reason the Cisco is sending a "DELETE SA" which forces my BSD box to drop the tunnel and not attempt to reconnect. This is indeed the case. Even though this is happening, I need this tunnel to stay up. Anyone know of a way to force OpenBSD to bring up 1 tunnel, or ever experienced this behavior?


Any help would be appreciated,
Regards,
Chris


      


