[strongSwan] IPSec VPN between Cisco ASA and StrongSwan

jm+strongswan at roth.lu jm+strongswan at roth.lu
Sun Apr 26 12:56:56 CEST 2015

Hi all,

My problem currently is understand IKEv2 between Cisco ASA and 
Strongswan using two distinct PSKs.

On the ASA you simply specify a local and a remote key.

In Strongswan, more specifically in ipsec.secrets, it appears that you 
should not simply specify something along the lines of:

     lefthost : PSK leftpsk
     righthost : PSK rightpsk

In any case if I do it like that, the success of building a tunnel 
varies with who the initiator is, or the tunnel only seems to build in 
one direction.... you get the picture.

It seems to me (I found some hints but no real doc) that you have to 
specify the direction like this:

     lefthost righthost : PSK rightpsk
     righthost lefthost : PSK leftpsk

In any case, after lots of experimenting this seems to be the only way 
that works both ways and independently of who is the initiator.

Now I'd like to know if that is indeed correct, and where I could have 
found the docs.



More information about the Users mailing list