Strongswan to Cisco ASA with multiple right subnet

cisco-asa strongswan cisco-vpn

Solution 1:

The answer is simple, Cisco ASAs don't support multiple traffic selectors per CHILD_SA. So you have to negotiate individual CHILD_SAs for each combination of local and remote subnet you want to tunnel. That is, something like:

conn host2
    ...
    rightsubnet=192.168.1.0/24
    ...

conn host2-2
    also=host2
    rightsubnet=192.168.2.0/24

conn host2-3
    also=host2
    rightsubnet=192.168.3.0/24

Related

Running su with -c gives unrecognized command error
finding which tier 1 or isp to connect to to reduce latency [closed]
Nginx location matching with regex year/month/day/*
How to extract specific emails from Exchange Online using PowerShell and move or sort them?
Java Jar file: use resource errors: URI is not hierarchical
How to change placeholder color on focus?
Running a node express server using webpack-dev-server
Stream Way to get index of first element matching boolean
Can I adjust the "100+ matches in X files" from Intellijs "find in path"
Generic type checking
Are there shortcut keys for ReSharper's Unit Test Runner?
Why does .ToString() on a null string cause a null error, when .ToString() works fine on a nullable int with null value?