[strongSwan] Round robin connections to redundant ASAs
ekgermann at semperen.com
Sat Jul 16 19:39:14 CEST 2016
We’re running strongSwan 5.4.0 in an AWS environment. The remote end is a pair of Cisco ASAs set up in a redundant configuration on two different ISPs (two different peer IPs).
On the AWS side is there a way to make the same rightsubnet available to two different right peers?
My current thinking is we set right = %PeerA to permit connections from either peer IP when we’re the responder and initiate a connection to PeerA when we’re the initiator. The thought is that % enables right=%any and we secure it by screening udp/500 and 4500 at the AWS security group level to just the two peers.
The main question is, how do we or can we have a second target for same connection or round robin them even to PeerB?
Thoughts or am I completely off base?
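The two-peer layout discussed in this post, as an added example ipsec.conf fragment: it is not from the original message and not from strongSwan's own documentation. It uses one conn per ASA with an explicit right= address and the shared settings in conn %default; connection names, subnets, identities and the two peer addresses (RFC 5737 documentation ranges) are constructed placeholders, and it assumes strongSwan 5.x ipsec.conf semantics for %default, auto= and dpdaction=.

```ini
# Added example, not from the original post. Addresses and subnets are
# constructed placeholders; replace them with the real AWS and ASA values.
config setup
    # Allow the PeerA and PeerB tunnels to coexist if both ever come up;
    # with the default (yes) a second IKE_SA with the same IDs replaces the first.
    uniqueids = no

# Settings shared by both ASA connections; only right= differs below.
conn %default
    keyexchange = ikev2
    left = %defaultroute
    leftid = @aws-gw                 # assumed identity (instance is behind NAT in AWS)
    leftsubnet = 10.0.0.0/16         # constructed AWS VPC range
    rightsubnet = 192.168.0.0/16     # constructed on-prem range behind the ASA pair
    authby = secret                  # PSK; see the ipsec.secrets line at the bottom
    dpdaction = restart              # re-initiate when dead peer detection fires
    dpddelay = 30s
    auto = add                       # load the conn, but do not initiate it

# Primary ASA on ISP A. An explicit right= means that, as responder,
# strongSwan matches this conn only for IKE traffic arriving from PeerA.
conn asa-a
    right = 203.0.113.10             # constructed PeerA address
    auto = start                     # initiate toward PeerA at startup

# Standby ASA on ISP B: identical subnets, only the peer address differs.
# Bring it up manually (ipsec up asa-b) when the ISP A path is down.
conn asa-b
    right = 198.51.100.10            # constructed PeerB address

# ipsec.secrets (separate file), one PSK valid for either peer address:
#   203.0.113.10 198.51.100.10 : PSK "replace-with-real-shared-secret"
```

With this layout the responder side needs no %-prefixed address: each incoming peer IP selects its own conn, which complements the security-group filter on udp/500 and udp/4500 rather than relying on it alone. Only asa-a carries auto=start, so the two conns never compete for the same rightsubnet policy; switching the initiated path to PeerB is a matter of `ipsec down asa-a` followed by `ipsec up asa-b`, and dpdaction=restart keeps whichever tunnel is active re-establishing toward its own peer.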