Discussion:
[strongSwan] Strongswan and Cisco ASA 5585x
Loyc Cossou
2018-10-15 04:47:30 UTC
Hi friends,

For 3 weeks I have been trying to set up a VPN tunnel from my AWS instance to a
partner Cisco ASA 5585 device, with no luck.

Can you please suggest the best config for my ipsec.conf file? Here is the
VPN form:

[image: image.png]
Here is mine. Where am I wrong please?

conn thePartnet
        keyexchange=ikev1
        leftfirewall=yes
        ikelifetime=86400s
        keylife=28800s
        lifetime=28800s
        rekeymargin=3m
        keyingtries=3
        authby=secret
        type=tunnel
        left=my.local.ip
        leftid = my.public.ip
        leftsubnet=my.local.subnet
        leftauth=psk
        right=the.remote.ip
        rightid=the.remote.ip
        rightsubnet=the.remote.subnet
        rightauth=psk
        ike=aes256-sha1-modp1024
        esp=aes256-sha1-modp1024!
        closeaction=restart
        lifebytes = 4608000
        auto=start

Many thanks

------
loyc Cossou


Tobias Brunner
2018-10-16 09:08:04 UTC
Hi Loyc,
Post by Loyc Cossou
Here is mine. Where am I wrong please?
Well, what does the log say?
Post by Loyc Cossou
        leftsubnet=my.local.subnet
What's "my.local.subnet" exactly? Is the other end configured
appropriately?
Post by Loyc Cossou
        rightsubnet=the.remote.subnet
And that as well. Is that related to the "VPN Access permission"?

Regards,
Tobias
