All,

We’re running StrongSwan 5.4.0 in an AWS environment. The remote end is a pair of Cisco ASAs set up in a redundant configuration on two different ISPs (two different peer IPs).

On the AWS side, is there a way to make the same rightsubnet available to two different right peers? My current thinking is we set right = %PeerA to permit connections from either peer IP when we’re the responder and initiate a connection to PeerA when we’re the initiator. The thought is % enables rightany and we secure it by screening udp/500 and 4500 at the AWS security group level to just the two peers.

The main question is, how do we, or can we, have a second target for the same connection, or round robin them even to PeerB?

Thoughts, or am I completely off base?

EKG
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users