IKEv2 Cisco ASA and strongSwan

This topic is to discuss the following lesson:

https://networklessons.com/cisco-asa/ikev2-cisco-asa-and-strongswan/

Thanks Rene,
This is a very clear manual. Gonna use it right away…

Andre

Thanks René,

My present configuration is quite the same but I don’t have (yet) a subnet under the strongSwan platform (this may come later).
So I would like to configure the VPN and test it (ping, scp…) directly with the strongSwan platform and not with its subnet.
What should I change in your configuration for it?
Thanks again.

Hello Luc,

In this case, you might want to test to configure strongSwan as a remote client perhaps.

First I would try to configure a Cisco router as the VPN server and use a Cisco client. Here’s an example:

Cisco Easy VPN

Once this is working, see if you can replace the client with strongSwan:

https://www.strongswan.org/testing/testresults/ikev1/xauth-psk/

Rene

Rene,

How are you using the Ubuntu server with strongSwan on it? Is it on a laptop or do you have a server? The reason for asking is I am wondering how you got the two ports. Maybe you could point me in the right direction on how to set my lab up. Thank you.

Hi Cristopher,

I use an HP ProLiant DL360 G7 with a quad NIC running VMware ESXi. Using virtual machines is a great way to test things like this. You can also use a single physical connection from your VMware server to your switch and then configure it as a trunk. Each virtual NIC in your virtual machine can then use a different VLAN.

Rene

Hi Rene,
Just confused, but what’s the benefit of using strongSwan with a Linux server instead of a Cisco router or ASA devices?
Thanks!

Hello Nguyen

strongSwan has some EAP and mobility extensions that can be useful for enterprise networks. However, the reason why you would use strongSwan for such a connection is primarily because it is a software package that has widespread use, and you will see it frequently in corporate networks. For this reason, it is a good idea to understand how to interconnect with it, as you may be called upon to make such a connection. Because it is well documented and maintained, it is likely that you will encounter it in the marketplace.

Although much of what strongSwan does can be done with a Cisco ASA, it is always good to know how to interconnect with devices of other vendors.

I hope this has been helpful!

Laz

Thanks Laz much !!!

Hi Rene,

The strongSwan client and Cisco router combo is exactly the setup I need right now.

I configured an ASA 5505 as a remote access VPN server, and I am able to connect to it using the Cisco VPN client. But for some reason I can’t get the strongSwan settings right to connect to the ASA.

I created a test environment (see pic) and I tried creating the conf file using the following guides:

https://www.strongswan.org/testing/testresults/ikev1/xauth-psk/

https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html

But without any luck.

I would really appreciate it if you could help me out setting up the config for my scenario.

Regards

Jerrel

Hello Jerrel

Can you share with us more details about the types of problems you are having? Where is your configuration failing? Can you attempt to show us some verification commands such as those found in the Verify section of the Cisco document you shared? This way we’ll be able to help you more efficiently.

Looking forward to hearing from you.

Laz