Hi Jegathesh, as a principle, an IKEv1 peer cannot talk to an IKEv2 peer at all and vice versa but a responder could support both IKEv1 and IKEv2 at the same time. Starting with strongSwan 5.0 this is the case with the default setting
keyexchange=ike as shown in the following example scenario: http://www.strongswan.org/uml/testresults5dr/ike/rw-cert/ whereas a responder with keyexchange=ikev1 will react to IKEv1 initiators only and with keyexchange=ikev2 to IKEv2 initiators only. Regards Andreas On 11/23/2012 08:11 AM, jegathesh malaiyappan wrote: > Hi All, > > I have observed the tunnels are getting established incase of IKE > version mismatch. > > Option 1: > ========= > Initiator : IKEv1 > Responder: IKEv2 > > *Result:* Tunnels are not establised > > Option 2: > ========= > Initiator : IKEv2 > Responder: IKEv1 > > *Result:* Tunnels are establised > Why it's happening? Is this correct behavior or not? > > Thanks. > > - Jegathesh, > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
