[strongSwan] How to ignore incoming IKE_SA_INIT to StrongSwan system

Pisano, Stephen G (Stephen) Stephen.Pisano at alcatel-lucent.com
Tue May 24 14:22:03 CEST 2011

Any suggestions on ways to configure strongSwan to allow it to be the initiator but not the responder?


From: users-bounces+stephen.pisano=alcatel-lucent.com at lists.strongswan.org [mailto:users-bounces+stephen.pisano=alcatel-lucent.com at lists.strongswan.org] On Behalf Of Eduardo Torres
Sent: Wednesday, May 18, 2011 8:47 PM
To: users at lists.strongswan.org
Subject: Re: [strongSwan] How to ignore incoming IKE_SA_INIT to StrongSwan system

Forgot to add, the target of this is to have the strongswan system to be the only initiator of the IKE_SA

Thanks and Regards
Eduardo M. Torres

On 5/18/2011 8:44 PM, Eduardo Torres wrote:
Hi StrongSwan team,

I have the following configuration: StrongSwan in one peer and Fortinet Security Gateway is the other peer, both running IKEv2.
I want to know if it is possible to configure StrongSwan (in ipsec.conf or strongwan.conf) to ignore any IKE_INIT_SA request from the Fortinet or other security gateway.

Any help is appreciated.
Thanks in advance

Eduardo M. Torres


Users mailing list

Users at lists.strongswan.org<mailto:Users at lists.strongswan.org>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110524/d01fabd7/attachment.html>

More information about the Users mailing list