Hi,

We are working on a project where we need an IPsec VPN tunnel between our client and our Virtual Private Cloud hosted at Google. Due to our client's strict policy, the client wants a setup where our GCE and VPN instances must both have public IP addresses. They do not allow us to have GCE on a private IP (the reason is to avoid a conflict of the same subnet with other clients). Moreover, the client end has a Cisco ASA 5500 firewall.
Google Cloud (as of today) does not support such a feature; however, Google support has suggested that we install strongSwan on the GCE server itself where the application is hosted. The points of confusion are:

1. Which port forwarding rules should we apply on the Google Cloud firewall to allow strongSwan to work properly?

2. With reference to the document here: http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html

    left=172.16.10.2            #strongswan outside address
    leftsubnet=192.168.2.0/24   #network behind strongswan
    leftid=172.16.10.2          #IKEID sent by strongswan
    leftfirewall=yes
    right=172.16.10.1           #IOS outside address
    rightsubnet=192.168.1.0/24  #network behind IOS
    rightid=172.16.10.1         #IKEID sent by IOS
    auto=add
    ike=aes128-md5-modp1536     #P1: modp1536 = DH group 5
    esp=aes128-sha1             #P2

As you can see, left is the strongSwan outside IP and leftsubnet is the local LAN behind strongSwan. Now, in my case, what should I type in "leftsubnet" when there is no subnet behind the strongSwan GCE at all?

Any suggestion will be highly appreciated.

Thanks,
Yousuf
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
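An added example for the two questions above, written for this page and not taken from the original post or from strongSwan: it builds the host-to-site conn block for a GCE instance that has no LAN behind it, and lists the ingress the GCP firewall must admit. It assumes that a GCE public IP is 1:1 NAT (the NIC carries only the internal address, so `left` stays internal and `leftid` carries the public IP), that the ASA's crypto ACL references the same host /32 used in `leftsubnet`, and that the IP addresses and LAN below are constructed sample values.

```python
"""Host-to-site strongSwan parameters for a GCE instance with no LAN behind it."""
import ipaddress

# Constructed sample values (assumptions, not from the post).
GCE_INTERNAL_IP = "10.240.0.5"    # address actually configured on the GCE NIC
GCE_PUBLIC_IP = "203.0.113.10"    # 1:1 NAT address the ASA peers with
ASA_PUBLIC_IP = "198.51.100.1"    # client's ASA outside address
CLIENT_LAN = "192.168.1.0/24"     # network behind the ASA

# Ingress the GCP firewall must allow for IKE, NAT-T and ESP to reach the instance.
REQUIRED_INGRESS = ("udp:500", "udp:4500", "esp")


def host_selector(local_ip: str) -> str:
    """With no subnet behind strongSwan, the local traffic selector is the host itself."""
    return f"{ipaddress.ip_address(local_ip)}/32"


def build_conn(internal_ip: str, public_ip: str, peer_ip: str, peer_lan: str) -> dict:
    """Return ipsec.conf parameters for a host-to-site tunnel behind 1:1 NAT.

    left is the NIC address (what the kernel can bind); leftid is the public IP
    so the IKE identity matches the peer address the ASA sees; leftsubnet is the
    host /32 rather than a LAN. Cipher strings are those from the post."""
    ipaddress.ip_network(peer_lan)  # raises ValueError on a malformed remote selector
    return {
        "left": str(ipaddress.ip_address(internal_ip)),
        "leftid": str(ipaddress.ip_address(public_ip)),
        "leftsubnet": host_selector(internal_ip),
        "right": str(ipaddress.ip_address(peer_ip)),
        "rightid": str(ipaddress.ip_address(peer_ip)),
        "rightsubnet": peer_lan,
        "auto": "add",
        "ike": "aes128-md5-modp1536",
        "esp": "aes128-sha1",
    }


def render_conn(name: str, params: dict) -> str:
    """Render the parameters as an ipsec.conf conn section."""
    return "\n".join([f"conn {name}"] + [f"    {k}={v}" for k, v in params.items()])


def gcloud_firewall_rule(rule_name: str, peer_ip: str) -> str:
    """gcloud command admitting IKE/NAT-T/ESP from the ASA only, not from 0.0.0.0/0."""
    return (f"gcloud compute firewall-rules create {rule_name} "
            f"--allow {','.join(REQUIRED_INGRESS)} --source-ranges {peer_ip}/32")


if __name__ == "__main__":
    print(render_conn("gce-to-asa", build_conn(GCE_INTERNAL_IP, GCE_PUBLIC_IP, ASA_PUBLIC_IP, CLIENT_LAN)))
    print(gcloud_firewall_rule("allow-ipsec-from-asa", ASA_PUBLIC_IP))
```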
