[strongSwan-dev] [strongswan]: [IKEV2]: IKE SA Establising with By pass policy configured in other end
jegathesh malaiyappan
mjegakathir at gmail.com
Wed Mar 20 05:59:25 CET 2013
Hi,
*
*
*Strongswan : 4.5.3 *
*
*
Strongswan establishing the IKE SA with by-pass policy configured on the
other end.
*Could anybody explain me the reason for this? *
*NODE A* ß
-----------------------------------------------------------------------àNODE
B
(Initiator &
Responder)
(Initiator & Responder)
NODE A ---à conn403 is configured in NODE A
NODE B --à conn403 is not configured in NODE B, conn0 (bypass Policy)
configured
<snip> NODE B
conn conn0
type=passthrough
leftsubnet=5.5.5.5/32
rightsubnet=50.1.1.10/24
</snip>
<snip> *NODE A*
conn conn403
type=tunnel
leftsubnet=4.1.1.1/32
rightsubnet=40.1.1.100/24
left=4.1.1.1
right=4.1.1.10
keyexchange=ikev2
reauth=no
ike=aes128-sha1-modp1024,3des-sha1-modp1024!
ikelifetime=84395s
esp=aes128-sha1,3des-sha1!
authby=pubkey
rightid=%any
leftid="192.168.255.129"
keylife=86400s
dpdaction=restart
dpddelay=10
dpdtimeout=120
rekeyfuzz=50%
rekeymargin=180s
</snip>
Thanks in advance.
-Jegathesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130320/48fdbf65/attachment.html>
More information about the Dev
mailing list