[strongSwan] Multiple IKE-SA's between two endpoints
Tarik Demirci
tarik at tarikdemirci.com
Wed Jan 7 11:44:30 CET 2015
Hi Everyone,

I have the requirement to establish multiple IKE-SA's between two
endpoints using pre-shared keys. My questions are:

- Is it possible to do this with IKEv1? Wiki says secrets may become a
problem. Would it cause other problems if I use the same secret for
each IKE-SA?
Wiki says: "When using IKEv1 an additional complexity arises in the
case of authentication by preshared secret: the responder will need to
look up the secret before the Peer's ID payload has been decoded, so
the ID used will be the IP address."[1]

- What is the best practice when using IKEv2? I think using different
left and rightids for each IKE-SA is the way to go, but I wonder if it's
appropriate to use ids for this purpose (I mean same endpoints).

- Is there any caveat I should be aware of in this type of
configuration (both for IKEv1 and IKEv2)?

Any help in this regard is appreciated.

Regards,
Tarik.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets
--
Tarık Demirci
tarikdemirci.com
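
The wiki passage quoted in the message above, as an added illustration that is not part of the original post and is not strongSwan's code: a simplified model of secret selection showing why an IKEv1 main-mode responder can only choose a PSK by IP address, while IKEv2 can choose by ID. The secrets table, the IDs, the addresses, the nonces and the choice of HMAC-SHA1 as the prf are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed ipsec.secrets-style table (selectors -> PSK); all values are made up.
SECRETS = [
    (frozenset({"192.0.2.1", "198.51.100.1"}), b"psk-by-ip"),
    (frozenset({"gw-a-1", "gw-b-1"}), b"psk-tunnel-1"),
    (frozenset({"gw-a-2", "gw-b-2"}), b"psk-tunnel-2"),
]


def lookup(*selectors):
    """Return every PSK whose selector set contains all given selectors."""
    wanted = set(selectors)
    return [psk for sels, psk in SECRETS if wanted <= sels]


def ikev1_main_mode_psk(local_ip, peer_ip, peer_id):
    """The peer's ID payload is still encrypted when the key is needed,
    so peer_id cannot take part in the lookup: only the IPs are known."""
    del peer_id  # not yet readable by the responder
    return lookup(local_ip, peer_ip)


def ikev2_psk(local_id, peer_id):
    """In IKEv2 the ID payloads are decrypted with DH-derived keys before
    the PSK is used for the AUTH payload, so the IDs can select the secret."""
    return lookup(local_id, peer_id)


def skeyid(psk, ni, nr):
    """RFC 2409, PSK auth: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    HMAC-SHA1 is assumed as the negotiated prf."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()


if __name__ == "__main__":
    ni, nr = b"\x11" * 16, b"\x22" * 16  # constructed nonces
    for peer_id in ("gw-a-1", "gw-a-2"):
        print("IKEv1", peer_id, ikev1_main_mode_psk("198.51.100.1", "192.0.2.1", peer_id))
    print("IKEv2", ikev2_psk("gw-b-1", "gw-a-1"), ikev2_psk("gw-b-2", "gw-a-2"))
    # A wrong guess yields different keying material, so the ID never decrypts.
    print(skeyid(b"psk-by-ip", ni, nr) != skeyid(b"psk-tunnel-1", ni, nr))
```

In this model both IKEv1 negotiations between the same address pair resolve to the single IP-keyed secret, whereas the IKEv2 lookups return a distinct secret per ID pair.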