Colleagues,
Running strongSwan 5.4.0 in AWS and have a customer who wants to terminate
their VPN tunnel on a pair of ASA 5505s running active/standby on two separate
adjacent IPs (two different datacenters in the same city with redundant providers
running BGP).
I’m trying to think this through on the strongSwan side of things. Since the
devices will mirror their configs (sans the external IP), the connection
parameters should be the same.
If I do a range of IPs for the “right” parameter, am I correct in
understanding it will accept from either IP?
Obviously, their end which is active will be the initiator and we’ll answer
appropriately, but if WE need to be the initiator, does strongSwan cycle
through the range of IPs specified in the right parameter to connect to them
or does it randomly pick one to connect to?
Looking to swap experiences (even off list) with someone who has done something
similar before.
Thanks in advance
EKG