[strongSwan] Working configuration to connect to an ASA

Noel Kuntze noel at familie-kuntze.de
Thu Apr 25 00:43:24 CEST 2013


P.S.: The connection succeeds when I use vpnc to connect. What could
cause strongSwan to not get a reply?
Both the psk and my xauth-credentials are in my local ipsec.secrets.
Here's a part of my config. The last part is the one that matters.

Regards,
Noel

conn %default
        ikelifetime=60m
        inactivity=30s
        keylife=20m
        rekeymargin=3m
        keyingtries=3
        keyexchange=ikev2
        esp=aes256-sha512-modp4096,aes256-sha1-modp1024
        ike=aes256-sha512-modp4096,aes256-sha1-modp1024
        tfc=%mtu
        dpdaction=restart
        dpddelay=10
        dpdtimeout=60
        compress=yes

conn fh
#       leftauth=psk
#       leftauth2=xauth
        authby=xauthpsk
        leftgroups=<a group>
        keyexchange=ikev1
        aggressive=yes # Also doesn't work, if set to no
        xauth=client
        ike=3des-md5-modp1024 # I just took the oldest cipher supported by the asa
        esp=3des-md5-modp1024
        left=192.168.178.46
        right=<remote fqdn>
        rightsubnet=<remote subnet>
        auto=route





