Ipsec cisco + strongswan strange mods?

V

Vi2017-06-25 16:38:01

linux

Vi, 2017-06-25 16:38:01

Do not tell someone what it's called
here are the settings
ike=aes256-sha1-modp1536
esp=aes256-sha1-modp1536
tomycisco: #2583, ESTABLISHED, IKEv1, 817891f79de3352c:623de0bf80eb1ebf
local '162.2952.104.1410' @ 10
. 192.190.221.100' @ 192.190.221.100[4500]
AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
established 6s ago, reauth in 28521s
queued: QUICK_MODE
active: MODE_CONFIG
Connecting from strongswan to Cisco at these addresses.
what does this mean MODE_CONFIG
and does it mean that the connection is established correctly?
What additional manipulations need to be done on the devices to make everything work?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

CityCat4, 2017-06-25
@CityCat4

MODE_CONFIG - VPN dynamic configuration mode, in which the server issues settings to the client. Used when establishing tunnels with Windows in transport mode, the so-called roadwarrior mode.

K

ky0, 2017-06-25
@ky0

Strongswana's website has examples for all types of ipsecs with detailed configs for all devices.
https://wiki.strongswan.org/projects/strongswan/wi...