Hi Andreas, Thanks lot fot your reply.
So From 5.0 Onwards, If responder is using "keyexchange=ike" then initiator may be ikev1 or Ikev2. If initiator is using "keyexchange=ikev1" then responder should be ikev1. If initiator is using "keyexchange=ikev2" then responder should be ikev2. Please confirm whether my understanding is correct or not. Thanks. Regards, Jegathesh.M On Fri, Nov 23, 2012 at 12:57 PM, Andreas Steffen < [email protected]> wrote: > Hi Jegathesh, > > as a principle, an IKEv1 peer cannot talk to an IKEv2 peer at all > and vice versa but a responder could support both IKEv1 and > IKEv2 at the same time. Starting with strongSwan 5.0 this is the > case with the default setting > > keyexchange=ike > > as shown in the following example scenario: > > http://www.strongswan.org/uml/**testresults5dr/ike/rw-cert/<http://www.strongswan.org/uml/testresults5dr/ike/rw-cert/> > > whereas a responder with > > keyexchange=ikev1 > > will react to IKEv1 initiators only and with > > keyexchange=ikev2 > > to IKEv2 initiators only. > > Regards > > Andreas > > > On 11/23/2012 08:11 AM, jegathesh malaiyappan wrote: > >> Hi All, >> >> I have observed the tunnels are getting established incase of IKE >> version mismatch. >> >> Option 1: >> ========= >> Initiator : IKEv1 >> Responder: IKEv2 >> >> *Result:* Tunnels are not establised >> >> >> Option 2: >> ========= >> Initiator : IKEv2 >> Responder: IKEv1 >> >> *Result:* Tunnels are establised >> >> Why it's happening? Is this correct behavior or not? >> >> Thanks. >> >> - Jegathesh, >> >> ==============================**==============================** > ========== > Andreas Steffen [email protected] > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ==============================**=============================[**ITA-HSR]== >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
