Colleagues,

Running strongSwan 5.4.0 in AWS and have a customer who wants to terminate 
their VPN tunnel on a pair of ASA 5505s running active/standby on two separate 
adjacent IPs (two different datacenters in the same city with redundant providers 
running BGP).

I’m trying to think this through on the strongSwan side of things. Since the 
devices will mirror their configs (sans the external IP), the connection 
parameters should be the same.

If I do a range of IPs for the “right” parameter, am I correct in 
understanding it will accept from either IP?

Obviously, their end which is active will be the initiator and we’ll answer 
appropriately, but if WE need to be the initiator, does strongSwan cycle 
through the range of IPs specified in the right parameter to connect to them 
or does it randomly pick one to connect to?

Looking to swap experiences (even off list) with someone who has done something 
similar before.

Thanks in advance

EKG
