[strongSwan] Round robin connections to redundant ASA's
Eric Germann
ekgermann at semperen.com
Sat Jul 16 19:39:14 CEST 2016
All,
We’re running StrongSwan 5.4.0 in an AWS environment. The remote end is a pair of Cisco ASAs set up in a redundant configuration on two different ISPs (two different peer IPs).
On the AWS side is there a way to make the same rightsubnet available to two different right peers?
My current thinking is we set right = %PeerA to permit connections from either peer IP when we’re the responder and initiate a connection to PeerA when we’re the initiator. The thought is % enables rightany and we secure it by screening udp/500 and 4500 at the AWS security group level to just the two peers.
The main question is: how do we, or can we, have a second target for the same connection, or even round-robin them to PeerB?
Thoughts or am I completely off base?
EKG
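The responder-side setup sketched in the post, written out as an ipsec.conf fragment. This is an added example, not configuration from the post or from the strongSwan project; the addresses and subnets are documentation placeholders, and only the PeerA leg the post describes is shown, not the second target it asks about.

```ini
# /etc/ipsec.conf (strongSwan 5.x, added example with placeholder values)

config setup
    uniqueids=yes

conn aws-to-asa
    keyexchange=ikev2
    # AWS instance sits behind NAT: bind to the local interface address,
    # but identify ourselves by the Elastic IP the ASAs expect (placeholder).
    left=%defaultroute
    leftid=192.0.2.10
    leftsubnet=10.0.0.0/16          # VPC CIDR (placeholder)
    # The % prefix is strongSwan shorthand for rightallowany=yes:
    # initiate only to PeerA, but accept the IKE exchange from any address
    # (so the standby ASA on the other ISP can reach us as initiator).
    right=%203.0.113.10             # PeerA public IP (placeholder)
    rightid=203.0.113.10
    rightsubnet=192.168.100.0/24    # network behind the ASA pair (placeholder)
    leftauth=psk
    rightauth=psk
    auto=start
```

Because `right=%...` accepts the IKE exchange from any source, the post's plan of restricting udp/500 and udp/4500 in the AWS security group to exactly the two ASA peer IPs is what limits who can reach this responder.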