Hi,
There is a requirement from our client that we need an IPsec tunnel for
communication.
From our experience with OpenVPN we can do that very easily; however, IPsec
works very differently, therefore I need your assistance.
Here is the scenario:
Computer[Strongswan]-----[ipsec-tunnel]------ASA-5500----[Lan-Network]
Since our VM has a public IP and it is in the cloud, I have two questions in this
regard.
- Is this even possible, or am I doing it wrong?
- Let's say it is possible; here is the example config.

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.1
    leftsubnet={Confusing Part}
    [email protected]
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    [email protected]
    auto=add

Now here is the confusing part: leftsubnet is technically called the
encryption domain in Cisco. So how can the public IP of my cloud VM
be in both roles, as remote peer and encryption domain? This is the very
confusing part.
Any help will be highly appreciated.
Thanks,
yousuf
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
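
An added example, not part of the original post: a host-to-net `ipsec.conf` sketch for the scenario above, in which the cloud VM is both the IKE peer and the only host in its own encryption domain. The addresses 203.0.113.10 (VM) and 198.51.100.1 (ASA) and the connection name `host-net` are constructed placeholders; the `/32` value follows strongSwan's documented default that an omitted `leftsubnet` means `left/32`.

```conf
# Constructed example: documentation-range addresses, not taken from the post.
# Assumes the public address is configured directly on the VM's interface.

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn host-net
    # IKE endpoint: the VM's own public address (the "remote peer" as seen
    # from the ASA).
    left=203.0.113.10
    # Traffic selector ("encryption domain" in Cisco terms): the same single
    # host as a /32. Omitting leftsubnet gives the same result, because the
    # default is left/32.
    leftsubnet=203.0.113.10/32
    leftfirewall=yes
    # IKE endpoint of the ASA (placeholder).
    right=198.51.100.1
    # LAN behind the ASA, as given in the post.
    rightsubnet=10.2.0.0/16
    # leftid/rightid are omitted, so each side's identity defaults to its IP
    # address; the PSK entry in ipsec.secrets must use the same identities.
    auto=add
```

The ASA's crypto ACL has to mirror these selectors (10.2.0.0/16 towards the single host 203.0.113.10); a mismatch between the two sides' selectors is a common reason the CHILD_SA fails to establish even when IKE authentication succeeds.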