Hi Everyone,

I have the requirement to establish multiple IKE-SAs between two endpoints using pre-shared keys. My questions are:

- Is it possible to do this with IKEv1? Wiki says secrets may become a problem. Would it cause other problems if I use the same secret for each IKE-SA? Wiki says: "When using IKEv1 an additional complexity arises in the case of authentication by preshared secret: the responder will need to look up the secret before the Peer's ID payload has been decoded, so the ID used will be the IP address."[1]
- What is the best practice when using IKEv2? I think using different left and rightids for each IKE-SA is the way to go, but I wonder if it's appropriate to use ids for this purpose (I mean same endpoints).
- Is there any caveat I should be aware of in this type of configuration (both for IKEv1 and IKEv2)?

Any help in this regard is appreciated.

Regards,
Tarik.

[1] https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets

--
Tarık Demirci
tarikdemirci.com
