[strongSwan] IPSec VPN between Cisco ASA and StrongSwan
jm+strongswan at roth.lu
jm+strongswan at roth.lu
Sun Apr 26 12:56:56 CEST 2015
Hi all,
My problem currently is understand IKEv2 between Cisco ASA and
Strongswan using two distinct PSKs.
On the ASA you simply specify a local and a remote key.
In Strongswan, more specifically in ipsec.secrets, it appears that you
should not simply specify something along the lines of:
lefthost : PSK leftpsk
righthost : PSK rightpsk
In any case if I do it like that, the success of building a tunnel
varies with who the initiator is, or the tunnel only seems to build in
one direction.... you get the picture.
It seems to me (I found some hints but no real doc) that you have to
specify the direction like this:
lefthost righthost : PSK rightpsk
righthost lefthost : PSK leftpsk
In any case, after lots of experimenting this seems to be the only way
that works both ways and independently of who is the initiator.
Now I'd like to know if that is indeed correct, and where I could have
found the docs.
Thanks.
Marki
More information about the Users
mailing list