[strongSwan] Issue Connecting to Cisco Natted device using IKEv1

Paul Fitzgibbons paul.fitzgibbons at connectinternetsolutions.com
Wed Aug 26 17:52:03 CEST 2015

I have recently started using StrongSwan to connect to an IKEv1/IPSEC vpn on
a clients Cisco device.


I think I may have a strange issue. Or at least one that I don't currently


With the righted set to the public IP address of the Cisco device I can
bring up the VPN and StrongSwan reports "Connection Established"


If I then enter "strongswan status" No SAs are shown.  If I try and ping an
interesting IP still no SAs are shown.


If I then edit the ipsec.conf and change the righted to be the Nat'd address
of the Remote Cisco device, 

restart strongswan 

strongswan status 

I immediately get SAs displayed


If the system is rebooted I can then no longer connect and have to edit the
config back to the public IP, connect and edit/restart strongswan.


Any thoughts?  Has anyone else experienced this issue?


Thanks for any advice.







This e-mail (and any attachments) is private and confidential. If you have 
received it in error, please notify the sender immediately and delete it 
from your system. Do not use, copy or disclose the information in any way 
nor act in reliance on it.

Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of Connect
Internet Solutions Ltd. This e-mail and any attachments are believed to be
virus free but it is the recipient's responsibility to ensure that they are.

Connect Internet Solutions Ltd
(A company registered in England No: 04424350)
Registered Office: 4th Floor, New Barratt House, 47 North John Street,
Liverpool, L2 6SG
Telephone: +44 (0) 151 282 4321
VAT registration number: 758 2838 85
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150826/a9b31d45/attachment.html>

More information about the Users mailing list