IKEv2 has some helpful features here. From what I've read, if you can use IKEv2 the rightsubnet can be a comma separated list allowing one IKE SA to manage the traffic-selectors of these tunnels. Don't know if Cisco supports this.
See the ipsec.conf man page on leftsubnet.

If this isn't supported, maybe you can create multiple auth IDs (different PSK for each ID) and link one traffic selector to each ID. I think you could do this with N conn sections setting "leftid=..." and with corresponding entries in ipsec.secrets. This smells like the wrong way to do it and I would try to avoid it.

On Wed, 2012-08-22 at 16:32 -0300, Leandro . wrote:
> Good Afternoon,
>
> I need to a VPN ipsec/psk with a partner, and the left side (me) is a
> subnet (/27) and the other side is just some hosts (starting with 5,
> maybe more in the future).
> The right side cannot be a subnet, but is mandatory in Cisco ACLs ...
>
> Is possible with strongSwan ? Which scenario, of those in UML tests
> (in the website) can be applicable ?
>
> Thank you.
>
> --
> Jefferson Leandro
> Curitiba - BR
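
The IKEv2 form suggested in the reply above, written out as an ipsec.conf sketch. This is an added example, not configuration from the thread: the conn name, every address and the secret are constructed placeholders, and it assumes the Cisco peer speaks IKEv2 and accepts these traffic selectors.

```conf
# /etc/ipsec.conf (strongSwan). All names and addresses are constructed.
conn partner
    # A comma separated rightsubnet list is only honoured with IKEv2.
    keyexchange=ikev2
    # Pre-shared key, looked up in ipsec.secrets.
    authby=secret
    # Local gateway and the local /27 behind it.
    left=192.0.2.1
    leftsubnet=10.10.10.0/27
    # Partner gateway.
    right=198.51.100.1
    # One /32 per remote host, mirroring the per-host Cisco ACL entries.
    # A host added later is one more entry in this list.
    rightsubnet=203.0.113.10/32,203.0.113.11/32,203.0.113.12/32,203.0.113.13/32,203.0.113.14/32
    auto=start

# Matching /etc/ipsec.secrets entry (placeholder secret, keep the file
# readable by root only):
# 192.0.2.1 198.51.100.1 : PSK "<long-random-secret>"
```

After the tunnel comes up, "ipsec statusall" shows which traffic selectors the peer actually accepted, so a peer that narrowed the list to fewer hosts is visible there.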
