[strongSwan] Host to Network IPSec PSK Vpn tunnel

Muhammad Yousuf Khan sirtcp at gmail.com
Thu Mar 16 07:29:25 CET 2017


Hi,


There is a requirement from our client that we need an IPsec tunnel for
communication.
From our experience with OpenVPN, we can do that very easily; however, IPsec
works very differently, therefore I need your assistance.

Here is the scenario:

Computer[Strongswan]-----[ipsec-tunnel]------ASA-5500----[Lan-Network]

Since our VM has a public IP and is in the cloud, I have two questions in this
regard.

- Is this even possible, or am I doing it wrong?

- Let's say it is possible, and here is the example config.

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	authby=secret
	keyexchange=ikev2
	mobike=no

conn net-net
	left=192.168.0.1
	leftsubnet={Confusing Part}
	leftid=@moon.strongswan.org
	leftfirewall=yes
	right=192.168.0.2
	rightsubnet=10.2.0.0/16
	rightid=@sun.strongswan.org
	auto=add

Now here is the confusing part: leftsubnet is technically called the
encryption domain in Cisco. So how can the public IP of my cloud VM
be in both roles, as remote peer and encryption domain? This is the very
confusing part.

Any help will be highly appreciated.


Thanks,

yousuf