I also forgot to mention the hardware on the right is a Cisco ASA 5505. Would it be possible to authenticate to the gateway if I have the left side has the CA cert that signed the right's identity cert?
Thanks for the help! Mark -----Original Message----- From: Andreas Steffen [mailto:[email protected]] Sent: Tuesday, June 29, 2010 2:51 AM To: Marwil, Mark-P63354 Cc: [email protected] Subject: Re: [strongSwan] ikev1 without specifying rightid Hi Mark, whereas IKEv2 allows a peer to initiate a connection with the other endpoint's ID given by a wildcard expression (in that case the optional IDr will not be not sent), this not possible with IKEv1. Regards Andreas On 29.06.2010 01:30, Marwil, Mark-P63354 wrote: > I am using Strongswan version 4.3.6 setup according to the example > ikev1/nat-before-esp. This configuration works for me if I specifiy the > full DN for the rightid parameter. When I take the rightid out, the > connection fails. > > I would like to find out if it is possible to just specify the peers IP > address without specifying the DN. Is there a way to tell Pluto that it > should trust the peer even if it does not know the DN? > > Thank you, > > Mark Marwil > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
