<div dir="ltr">Hi,<div><br></div><div><br></div><div>There is a requirement from our client that we need an IPsec tunnel for communication. </div><div>As per our experience with OpenVPN, we can do that very easily; however, IPsec works very differently, therefore I need your assistance. </div><div><br></div><div>Here is the scenario:</div><div><br></div><div>Computer[Strongswan]-----[ipsec-tunnel]------ASA-5500----[Lan-Network]</div><div><br></div><div>Since our VM has a public IP and it is in the cloud, I have two questions in this regard.</div><div><br></div><div>- Is this even possible, or am I doing it wrong?</div><div><br></div><div>- Let's say it is possible, and here is the example config. </div><div><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap">conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
        left=192.168.0.1
        leftsubnet={Confusing Part}
        leftid=@moon.strongswan.org
        leftfirewall=yes
        right=192.168.0.2
        rightsubnet=10.2.0.0/16
        rightid=@sun.strongswan.org
        auto=add</pre><div>Now here is the confusing part: leftsubnet is technically called the encryption domain in Cisco. So how come my public IP of a cloud VM can be in both roles, as remote peer and encryption domain? This is the very confusing part. </div><div>Any help will be highly appreciated.</div><div><br></div><div>Thanks,</div><div>yousuf</div><div><br></div></div></div>
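Added example, not part of the original post or of strongSwan's own documentation: an ipsec.conf for the scenario above, a single cloud host with a public IP building an IKEv2 tunnel to an ASA. It shows why the same address is both the IKE peer (left) and the encryption domain (leftsubnet): a lone host has no network behind it, so its traffic selector is itself, /32. All addresses are constructed from the RFC 5737 documentation ranges except the 10.2.0.0/16 LAN taken from the post; the connection name, the ASA access-list name and the PSK are placeholders.

```conf
# Added example (not from the original post): strongSwan ipsec.conf for a
# single cloud host with a public IP building an IKEv2 tunnel to an ASA.
# Constructed addresses (RFC 5737 ranges), except the 10.2.0.0/16 LAN
# taken from the post:
#   203.0.113.10  = the VM's public IP (assumed bound directly to the VM's
#                   interface; see the NAT note below if it is not)
#   198.51.100.1  = the ASA's outside interface
#   10.2.0.0/16   = the LAN behind the ASA

conn %default
        keyexchange=ikev2
        authby=secret
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1

conn vm-to-asa
        # "left" is the IKE peer address of this host: the VM's public IP.
        left=203.0.113.10
        # "leftsubnet" is the traffic selector for this side, which Cisco
        # calls the encryption domain. A lone host has no network behind it,
        # so the domain is the host itself. /32 of "left" is also what
        # strongSwan assumes when leftsubnet is omitted, so the same IP
        # legitimately appears as both peer and encryption domain.
        leftsubnet=203.0.113.10/32
        # IKE identity sent to the ASA. Using the address avoids the @fqdn
        # form from the post, which presumes matching DNS names on both ends.
        leftid=203.0.113.10
        leftfirewall=yes

        right=198.51.100.1
        rightid=198.51.100.1
        rightsubnet=10.2.0.0/16
        # The VM brings the tunnel up at start; the ASA only answers.
        auto=start

# NAT note (common on cloud providers): if 203.0.113.10 is a 1:1 NAT mapped
# onto a private interface address such as 10.99.0.5 (constructed), IKE still
# reaches the ASA from 203.0.113.10 and NAT-T is negotiated automatically, but
# the packets inside the tunnel carry the interface address. Then use
#   left=%defaultroute        (or left=10.99.0.5)
#   leftsubnet=10.99.0.5/32
# and have the ASA's encryption domain reference 10.99.0.5, not the public IP.

# ipsec.secrets (PSK; placeholder value, never commit a real one):
#   203.0.113.10 198.51.100.1 : PSK "REPLACE_WITH_SHARED_SECRET"

# Mirror image on the ASA side (Cisco ASA access-list syntax, given here as
# the assumed way the same encryption domain is expressed there): the crypto
# ACL feeding the crypto map is LAN <-> host /32, the exact inverse of the
# strongSwan selectors.
#   access-list VPN-TO-VM extended permit ip 10.2.0.0 255.255.0.0 host 203.0.113.10
```

With IKEv2 the selectors are negotiated rather than assumed, so the ASA's crypto ACL has to be the mirror of leftsubnet/rightsubnet; if it is not, IKE_AUTH succeeds but the CHILD_SA is refused with TS_UNACCEPTABLE, which is the first thing to check in `ipsec statusall` and the charon log when the tunnel "authenticates but passes no traffic".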