Hi Andreas,<div><br></div><div>Thanks lot fot your reply. </div><div><br></div><div>So From 5.0 Onwards, </div><div><br></div><div>If responder is using "keyexchange=ike" then initiator may be ikev1 or Ikev2. </div>
<div><br></div><div>If initiator is using "keyexchange=ikev1" then responder should be ikev1. <br><br>If initiator is using "keyexchange=ikev2" then responder should be ikev2. </div><div><br></div><div>
Please confirm whether my understanding is correct or not. </div><div><br></div><div>Thanks. </div><div><br></div><div>Regards,</div><div>Jegathesh.M</div><div><br></div><div><br></div><div><div class="gmail_quote">On Fri, Nov 23, 2012 at 12:57 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jegathesh,<br>
<br>
as a principle, an IKEv1 peer cannot talk to an IKEv2 peer at all<br>
and vice versa but a responder could support both IKEv1 and<br>
IKEv2 at the same time. Starting with strongSwan 5.0 this is the<br>
case with the default setting<br>
<br>
keyexchange=ike<br>
<br>
as shown in the following example scenario:<br>
<br>
<a href="http://www.strongswan.org/uml/testresults5dr/ike/rw-cert/" target="_blank">http://www.strongswan.org/uml/<u></u>testresults5dr/ike/rw-cert/</a><br>
<br>
whereas a responder with<br>
<br>
keyexchange=ikev1<br>
<br>
will react to IKEv1 initiators only and with<br>
<br>
keyexchange=ikev2<br>
<br>
to IKEv2 initiators only.<br>
<br>
Regards<br>
<br>
Andreas<div class="im"><br>
<br>
On 11/23/2012 08:11 AM, jegathesh malaiyappan wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Hi All,<br>
<br>
I have observed the tunnels are getting established incase of IKE<br>
version mismatch.<br>
<br>
Option 1:<br>
=========<br>
Initiator : IKEv1<br>
Responder: IKEv2<br>
<br></div>
*Result:* Tunnels are not establised<div class="im"><br>
<br>
Option 2:<br>
=========<br>
Initiator : IKEv2<br>
Responder: IKEv1<br>
<br></div>
*Result:* Tunnels are establised<div class="im"><br>
Why it's happening? Is this correct behavior or not?<br>
<br>
Thanks.<br>
<br>
- Jegathesh,<br>
<br>
</div></blockquote>
==============================<u></u>==============================<u></u>==========<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
==============================<u></u>=============================[<u></u>ITA-HSR]==<br>
</blockquote></div><br><br>
</div>