For completeness, if you were to configure an AH CHILD_SA, you'd use the "ah=" parameter instead of the "esp=" parameter.
Kind regards Noel Am 06.09.20 um 00:16 schrieb Leroy Tennison: > Thank you, I appreciate the reply. > > Harriscomputer > > *Leroy Tennison > *Network Information/Cyber Security Specialist > E: le...@datavoiceint.com > P: > > > > > > > 2220 Bush Dr > McKinney, Texas > 75070 > www.datavoiceint.com <http://www..com> > > This message has been sent on behalf of a company that is part of the Harris > Operating Group of Constellation Software Inc. > > If you prefer not to be contacted by Harris Operating Group please notify us > <http://subscribe.harriscomputer.com/>. > > > > This message is intended exclusively for the individual or entity to which it > is addressed. This communication may contain information that is proprietary, > privileged or confidential or otherwise legally exempt from disclosure. If > you are not the named addressee, you are not authorized to read, print, > retain, copy or disseminate this message or any part of it. If you have > received this message in error, please notify the sender immediately by > e-mail and delete all copies of the message. > > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > *From:* Andreas Steffen <andreas.stef...@strongswan.org> > *Sent:* Saturday, September 5, 2020 12:30 AM > *To:* Leroy Tennison <le...@datavoiceint.com>; users@lists.strongswan.org > <users@lists.strongswan.org> > *Subject:* [EXTERNAL] Re: [strongSwan] IKE Phase 1 and Phase 2 parameters > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > Hi Leroy, > > the Phase 2 crypto proposals can be set with the "esp=" parameter in > ipsec.conf. > > Best regards > > Andreas > > On 05.09.20 00:31, Leroy Tennison wrote: >> I either don't know what to look for on the web or am having trouble >> finding settings for IKE phase 1 and phase 2 negotiation. It seems that >> the '"ike=" ipsec.conf parameter specifies settings for Phase 1 but I'm >> not finding anything for Phase 2 for Strongswan. Other IPSec >> implementations seem to use phase2alg for this but Strongswan either >> doesn't have this setting or it has another name for it. >> >> Can someone explain (or send me a link to an explanation) of how these >> are decided in Strongswan? Thanks for your help. >> >> Harriscomputer >> >> *Leroy Tennison >> *Network Information/Cyber Security Specialist >> E: le...@datavoiceint.com >> P: >> >> 2220 Bush Dr >> McKinney, Texas >> 75070 >> https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.datavoiceint.com&c=E,1,4UegVHmZyooZscjXFpQOeRrNuVWVHl9MV7N5mK2EefQfyvSV6JrqnT_DqdvqHsq2iqVi4U1AB4Yc-bMVDKQCrmpLzAXFqpP43vPM4-vzJA,,&typo=1 >> <http://www..com> >> >> This message has been sent on behalf of a company that is part of the >> Harris Operating Group of Constellation Software Inc. >> >> If you prefer not to be contacted by Harris Operating Group please >> notify us >> <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fsubscribe.harriscomputer.com%2f&c=E,1,qQQq1YvV4u_ZShDLCqe6ghiUzIohwfNuR6V-6AqzFgftMlh-5Nbobp-EOORoIzWq2adFz9aG3LZpUdNYj4upJBJMz07w7sCeQW7TLLFOXsAzMA,,&typo=1>. >> >> >> >> This message is intended exclusively for the individual or entity to >> which it is addressed. This communication may contain information that >> is proprietary, privileged or confidential or otherwise legally exempt >> from disclosure. If you are not the named addressee, you are not >> authorized to read, print, retain, copy or disseminate this message or >> any part of it. If you have received this message in error, please >> notify the sender immediately by e-mail and delete all copies of the >> message. >> > ====================================================================== > Andreas Steffen andreas.stef...@strongswan.org > strongSwan - the Open Source VPN Solution! > https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.strongswan.org&c=E,1,TnfXdKEVY4hBsT5BRDWhOhJbEInvn6v4kQOOwPnwCq1oryz4vIZKgVEWr8GMUM_vRSSfXWdMwYIw3X2HHrBarRLeg6E0nrf1gyjJ5CMFc_Nfyn3Iznk,&typo=1 > Institute for Networked Solutions > HSR University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[INS-HSR]==
signature.asc
Description: OpenPGP digital signature