Hi Yogesh, > I have two ends of site to site VPN where both are configured with > strongswan and version IKEv1.
Please use IKEv2 if you have strongSwan on both sides, no reason to use a deprecated protocol. > Is it normal behavior of strongswan, that we can establish only one > tunnel at a time on the same machine using same certificate(RSA) ? > Or what is the expected behavior in this case ? Yes, this is the default behavior, a single IKE_SA per pair of identities. Have a look at the uniqueids option (or unique in swanctl.conf). Regards, Tobias