<div dir="ltr"><div dir="ltr">Hi<div><br></div><div>I am also interested to know how to configure with "swanctl.conf"....</div><div>Would this config method work?</div><div><br></div><div><br>=================================================<br>connections {<br><br>...........<br>.....................<br><br>remote {<br> id = keyid:ciscoasa<br> auth = psk<br> }<br> <br> ...<br> ..............<br><br><br>}<br><br><br>secrets {<br> tst1 {<br>id = @#636973636f617361<br>secret = test123456789<br> }<br>}<br></div><div>=======================================</div><div><br></div><div>With ipsec.conf, I have been configuring as below and this works very successfully:</div><div><br></div><div>=======================</div><div><br></div><div>conn testserver1</div><div> left=172.29.100.74</div><div> right=%any</div><div> leftid=172.29.100.74</div><div> rightid=keyid:svtgrp1</div><div>.....</div><div> auto=add</div><div>....</div><div><br></div><div>and in the ipsec.secrets file, I configured as below:</div><div><br></div><div>172.29.100.74 @#0x73767467727031 : PSK "Admin$123456789"<br></div><div><br></div><div>============================================================</div><div><br></div><div>I am planning to move to swanctl.conf....hence wanting to confirm</div><div><br></div><div><br></div><div>Thanks &amp; regards</div><div>Rajiv</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Sep 15, 2020 at 2:16 PM Tobias Brunner &lt;<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Volodymyr,<br>
<br>
> ikev2-cisoasa {<br>
> remote_addrs = %any<br>
> local { ... }<br>
> remote {<br>
> auth = psk<br>
> id = @#636973636f617361<br>
<br>
This can't work. The # character is used for comments, so you basically<br>
configured an empty FQDN identity. Either wrap this string in quotes<br>
<br>
id = "@#636973636f617361"<br>
<br>
or use the keyid: prefix<br>
<br>
id = keyid:ciscoasa<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div></div>
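<div>Added example, not part of either message and not strongSwan code: a small Python check that applies the comment rule from Tobias's reply to swanctl.conf-style lines, flags a value cut short by an unquoted # and shows the keyid: alternative for it. The sample text, the section name ike-asa and the "no space before #" heuristic are assumptions made for this example, and the quote handling is a simplified model, not strongSwan's parser.</div>

```python
import re

# Constructed sample modelled on the snippets in this thread; "ike-asa" is a
# placeholder section name and the fragment is not a complete swanctl.conf.
SAMPLE = """\
remote {
  auth = psk
  id = @#636973636f617361
}
ike-asa {
  id = "@#636973636f617361"  # quoted, so the hash survives
  secret = test123456789
}
"""

def first_unquoted_hash(line):
    """Index of the first '#' outside double quotes, or -1 (escapes not modelled)."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return i
    return -1

def keyid_form(value):
    """Map '@#<hex>' to 'keyid:<text>' when the decoded bytes are printable ASCII."""
    m = re.fullmatch(r"@#((?:[0-9a-fA-F]{2})+)", value)
    if m:
        raw = bytes.fromhex(m.group(1))
        if all(0x21 <= b <= 0x7E for b in raw):
            return "keyid:" + raw.decode("ascii")
    return None

def lint(text):
    """Report values truncated by '#': (line, key, written, effective, keyid form)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        pos = first_unquoted_hash(line)
        eq = line.find("=")
        # Assumed heuristic: a '#' glued to a value (no space before it) was meant as data.
        if eq == -1 or pos < eq or line[pos - 1].isspace():
            continue
        key = line[:eq].strip()
        written = line[eq + 1:].strip()
        effective = line[eq + 1:pos].strip()  # what is left once the comment is dropped
        findings.append((no, key, written, effective, keyid_form(written)))
    return findings
```

<div>On the sample, lint(SAMPLE) reports only the unquoted id on line 3, whose effective value is the bare "@".</div>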