[strongSwan] Strongswan client to ASA server rekey question

Jason Cohen jason.c.cohen at gmail.com
Mon Apr 5 22:46:45 CEST 2010

Greetings.  We are trying to connect a RHEL 5.4 'road-warior' client
running Strongswan 4.3.6 to a Cisco ASA 5500 gateway (tried with
version 7.2 and 8.1).  We are using PKI and XAUTH authentication and
AES256/SHA1/DH2 for IKE and AES/SHA1 (no PFS) for IPsec.  Our client
stays connected for exactly 4 minutes (traffic passes without issue),
which happens to be the time the ASA is set to rekey the IKE SA.  We
have tried matching our rekeying intervals in the ipsec.conf file to
match the ASA settings and still get this issue.  In searching the
documentation and forums, I have not seen many examples of other users
connecting to an ASA.  My questions are a.) is this configuration is
supported by StrongSwan b.) if so, do you have any pointers on a
supported configuration of an ASA and the Strongswan client that I can
reference?  Thanks in advance for your support.


More information about the Users mailing list