Re: [strongSwan] Help setting up VPNs

[Brian Topping]

I have engaged Mr Kuntze in the past and found his services to be exceptionally 
good. He was prompt with solutions and took care with details. His pricing is a 
good value and I would not hesitate to recommend him based on positive past 
experiences. 

Sent from my iPhone

> On Sep 7, 2020, at 03:05, Kim Mølgaard  wrote:
> 
> 
> Hi!
> I have been tasked to migrate a Cisco ASA VPN setup to Strongswan.
> This involves 3 ipsec site-to-site VPNs
> I have access to the ASA appliance, so i can get all the info from that, but 
> i need someone to help setting these up in strongswan.
> 
> I will pay for an consultant to do this, so please respond with a quote for 
> this job.
> Companies located in the EU is preferred
> 
> Mvh.
> Kim Mølgaard
> ITandMore
> Tlf.: +45 93 89 83 79
> https://itandmore.dk
> CVR nr. 38147110

Re: [strongSwan] IKE Phase 1 and Phase 2 parameters

[Noel Kuntze]

For completeness, if you were to configure an AH CHILD_SA, you'd use the "ah=" 
parameter instead of the "esp=" parameter.

Kind regards

Noel

Am 06.09.20 um 00:16 schrieb Leroy Tennison:
> Thank you, I appreciate the reply.
> 
> Harriscomputer
> 
> *Leroy Tennison
> *Network Information/Cyber Security Specialist
> E: le...@datavoiceint.com
> P:
> 
>   
> 
> 
>   
> 
> 2220 Bush Dr
> McKinney, Texas
> 75070
> www.datavoiceint.com  
> 
> This message has been sent on behalf of a company that is part of the Harris 
> Operating Group of Constellation Software Inc.
> 
> If you prefer not to be contacted by Harris Operating Group please notify us 
> .
> 
>  
> 
> This message is intended exclusively for the individual or entity to which it 
> is addressed. This communication may contain information that is proprietary, 
> privileged or confidential or otherwise legally exempt from disclosure. If 
> you are not the named addressee, you are not authorized to read, print, 
> retain, copy or disseminate this message or any part of it. If you have 
> received this message in error, please notify the sender immediately by 
> e-mail and delete all copies of the message.
> 
>  
> 
> --
> *From:* Andreas Steffen 
> *Sent:* Saturday, September 5, 2020 12:30 AM
> *To:* Leroy Tennison ; users@lists.strongswan.org 
> 
> *Subject:* [EXTERNAL] Re: [strongSwan] IKE Phase 1 and Phase 2 parameters
>  
> CAUTION: This email originated from outside of the organization. Do not click 
> links or open attachments unless you recognize the sender and know the 
> content is safe.
> 
> 
> Hi Leroy,
> 
> the Phase 2 crypto proposals can be set with the "esp=" parameter in
> ipsec.conf.
> 
> Best regards
> 
> Andreas
> 
> On 05.09.20 00:31, Leroy Tennison wrote:
>> I either don't know what to look for on the web or am having trouble
>> finding settings for IKE phase 1 and phase 2 negotiation.  It seems that
>> the '"ike=" ipsec.conf parameter specifies settings for Phase 1 but I'm
>> not finding anything for Phase 2 for Strongswan.  Other IPSec
>> implementations seem to use phase2alg for this but Strongswan either
>> doesn't have this setting or it has another name for it.
>>
>> Can someone explain (or send me a link to an explanation) of how these
>> are decided in Strongswan?  Thanks for your help.
>>
>> Harriscomputer
>>
>> *Leroy Tennison
>> *Network Information/Cyber Security Specialist
>> E: le...@datavoiceint.com
>> P:
>>
>> 2220 Bush Dr
>> McKinney, Texas
>> 75070
>> https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com=E,1,4UegVHmZyooZscjXFpQOeRrNuVWVHl9MV7N5mK2EefQfyvSV6JrqnT_DqdvqHsq2iqVi4U1AB4Yc-bMVDKQCrmpLzAXFqpP43vPM4-vzJA,,=1
>>   
>>
>> This message has been sent on behalf of a company that is part of the
>> Harris Operating Group of Constellation Software Inc.
>>
>> If you prefer not to be contacted by Harris Operating Group please
>> notify us 
>> .
>>
>>
>>
>> This message is intended exclusively for the individual or entity to
>> which it is addressed. This communication may contain information that
>> is proprietary, privileged or confidential or otherwise legally exempt
>> from disclosure. If you are not the named addressee, you are not
>> authorized to read, print, retain, copy or disseminate this message or
>> any part of it. If you have received this message in error, please
>> notify the sender immediately by e-mail and delete all copies of the
>> message.
>>
> ==
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Open Source VPN Solution!  
>