Hi
[sorry - previously replied to single poster, not the list]
Thanks for the pointer. I've got it working!
The Cisco ASA appears to send the Distinguished Name as its identifier, so
changing:
id = vpntest.example.com
to
id = "C=UK, ST=Example, O=Example, OU=Example, CN=vpntest.example.com"
es it only apply
if the peer device sends FQDN instead of DN?
Many thanks
Julian
-Original Message-
From: Andreas Steffen
Sent: 05 July 2019 10:50
To: Regel, Julian (CSS) ; users@lists.strongswan.org
Subject: Re: [strongSwan] Certificate-based IPsec tunnel failing to complete
Hi Jul
Hi
I am trying to configure an IPsec tunnel between a Cisco ASA and StrongSWAN,
using IKEv2 and certificates for authentication.
I'm running StrongSWAN version 5.6.2-1ubuntu2.4, installed on Ubuntu 18.04.2
LTS.
I am using a self-signed certificate on the ASA end. Unfortunately, I'm getting