[strongSwan] Host to Network IPSec PSK Vpn tunnel
Muhammad Yousuf Khan
sirtcp at gmail.com
Thu Mar 16 07:29:25 CET 2017
Hi,

There is a requirement from our client that we need an IPsec tunnel for
communication.
As per our experience with OpenVPN we can do that very easily; however, IPsec
works very differently, therefore I need your assistance.

Here is the scenario:

Computer[Strongswan]-----[ipsec-tunnel]------ASA-5500----[Lan-Network]

Since our VM has a public IP and it is in the cloud, I have two questions in
this regard.

- Is this even possible, or am I doing it wrong?
- Let's say it is possible; here is the example config.

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.1
    leftsubnet={Confusing Part}
    leftid=@moon.strongswan.org
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
    auto=add

Now here is the confusing part: leftsubnet is technically called the
encryption domain in Cisco. So how can the public IP of my cloud VM be
in both roles, as remote peer and as encryption domain? This is the very
confusing part.

Any help will be highly appreciated.

Thanks,
yousuf
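
Added example, not part of the original post and not the strongSwan project's own configuration: a host-to-network variant of the config above in which leftsubnet is simply left out, since strongSwan then treats the local side as left/32 (the host itself). The addresses 203.0.113.10 (VM) and 198.51.100.1 (ASA outside interface) are constructed placeholders, and the example assumes the public IP is configured directly on the VM's interface.

```conf
# /etc/ipsec.conf on the strongSwan host (constructed example values)

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn host-net
    # Local peer: the VM's own address (placeholder).
    left=203.0.113.10
    leftid=203.0.113.10
    # No leftsubnet line: when omitted it is assumed to be left/32,
    # so the local traffic selector is the host itself. The same
    # address is therefore both the IKE peer and the protected
    # "network" of one host.
    leftfirewall=yes
    # Remote peer: the ASA's outside address (placeholder).
    right=198.51.100.1
    rightid=198.51.100.1
    # LAN behind the ASA, as given in the post.
    rightsubnet=10.2.0.0/16
    auto=add

# /etc/ipsec.secrets is a separate file holding the pre-shared key, e.g.:
#   203.0.113.10 198.51.100.1 : PSK "<pre-shared key placeholder>"
```

On the ASA, the matching encryption domain for the remote side is then the single host 203.0.113.10/32, and the local side is 10.2.0.0/16; both ends must agree on these selectors for the child SA to come up.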