I have a Linux box configured to authenticate by RSA signature using a self-signed x509 certificate. My peer is a Cisco router ASA-5505. Both sides have the CA (self-signed) certificate authority and they are using IKEv2 and everything is working, but I have one question:
Why do I need to have the certificate from the peer installed locally in the directory /etc/ipsec.d/certs? It's weird to me because the ASA-5505 doesn't have any information about the certificate from the Linux box; it's negotiated at the time of connection. If I remove the directive in ipsec.conf pointing to a local copy of the peer's certificate, I receive the message "constraint check failed: identity '10.15.1.1' required" and the connection does not succeed. I think that my configuration is incomplete.

Thanks,
Ventura
