[strongSwan-dev] [strongswan]: [IKEV2]: IKE SA Establising with By pass policy configured in other end
jegathesh malaiyappan
mjegakathir at gmail.com
Wed Mar 20 16:57:38 CET 2013
Hi All,
Any input for this scenario?
Thanks.
Regards,
Jegathesh
On Wed, Mar 20, 2013 at 10:29 AM, jegathesh malaiyappan <
mjegakathir at gmail.com> wrote:
> Hi,
>
> *
> *
>
> *Strongswan : 4.5.3 *
>
> *
> *
>
> Strongswan establishing the IKE SA with by-pass policy configured on the
> other end.
>
>
> *Could anybody explain me the reason for this? *
>
>
>
> *NODE A* ß
> -----------------------------------------------------------------------àNODE
> B
>
> (Initiator &
> Responder)
> (Initiator & Responder)
>
>
>
> NODE A ---à conn403 is configured in NODE A
>
> NODE B --à conn403 is not configured in NODE B, conn0 (bypass Policy)
> configured
>
>
>
>
> <snip> NODE B
>
> conn conn0
>
> type=passthrough
>
> leftsubnet=5.5.5.5/32
>
> rightsubnet=50.1.1.10/24
>
> </snip>
>
>
>
> <snip> *NODE A*
>
> conn conn403
>
> type=tunnel
>
> leftsubnet=4.1.1.1/32
>
> rightsubnet=40.1.1.100/24
>
> left=4.1.1.1
>
> right=4.1.1.10
>
> keyexchange=ikev2
>
> reauth=no
>
> ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>
> ikelifetime=84395s
>
> esp=aes128-sha1,3des-sha1!
>
> authby=pubkey
>
> rightid=%any
>
> leftid="192.168.255.129"
>
> keylife=86400s
>
> dpdaction=restart
>
> dpddelay=10
>
> dpdtimeout=120
>
> rekeyfuzz=50%
>
> rekeymargin=180s
>
> </snip>
>
>
>
> Thanks in advance.
>
>
>
> -Jegathesh
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130320/af7457fa/attachment.html>
More information about the Dev
mailing list