I couldn't be allocated virtual IP from CISCO 1941

kiho.lee09
Level 1

Hi, all experts :)

I have some questions.

Now, I am doing IPsec between a CISCO 1941 Router and strongSwan, IKEv2 based with PSK.

Actually, I succeeded in the SA tunneling between the CISCO 1941 and strongSwan, but I found that strongSwan didn't get a virtual IP allocated from the CISCO Router.

Please, anybody, help me to solve that problem...... :(

P.S.) And are there any methods by which I can allocate a virtual IP from the CISCO 1941 Router to strongSwan?

Below are my strongSwan logs and Cisco configuration.

======================================================

01-06 10:17:53.943921 INFO oam.net.ipsec[982]: iwswan CONNECTED

01-06 10:17:53.981023 INFO oam.net.ipsec[982]: Swan updown state changed strongswan_ap[CONNECTING]
01-06 10:17:53.981207 INFO oam.net.ipsec[982]: name:strongswan_ap
01-06 10:17:53.981343 INFO oam.net.ipsec[982]: lastAlert:SUCCESS
01-06 10:17:53.981492 INFO oam.net.ipsec[982]: iface:eth0
01-06 10:17:53.981624 INFO oam.net.ipsec[982]: myId:%any
01-06 10:17:53.981752 INFO oam.net.ipsec[982]: myIp:10.253.4.206
01-06 10:17:53.981878 INFO oam.net.ipsec[982]: virtualIp:
01-06 10:17:53.982005 INFO oam.net.ipsec[982]: otherId:%any
01-06 10:17:53.982149 INFO oam.net.ipsec[982]: otherIp:10.253.4.9
01-06 10:17:53.982402 INFO oam.net.ipsec[982]: natDetected:false
01-06 10:17:53.982531 INFO oam.net.ipsec[982]: reauth:false
01-06 10:17:54.053046 INFO oam.net.ipsec[982]: Swan updown state changed strongswan_ap[CONNECTED]
01-06 10:17:54.053235 INFO oam.net.ipsec[982]: name:strongswan_ap
01-06 10:17:54.053441 INFO oam.net.ipsec[982]: lastAlert:SUCCESS
01-06 10:17:54.053629 INFO oam.net.ipsec[982]: iface:eth0
01-06 10:17:54.053817 INFO oam.net.ipsec[982]: myId:10.253.4.206
01-06 10:17:54.054003 INFO oam.net.ipsec[982]: myIp:10.253.4.206
01-06 10:17:54.054191 INFO oam.net.ipsec[982]: virtualIp:
01-06 10:17:54.054377 INFO oam.net.ipsec[982]: otherId:10.253.4.9
01-06 10:17:54.054543 INFO oam.net.ipsec[982]: otherIp:10.253.4.9
01-06 10:17:54.054710 INFO oam.net.ipsec[982]: natDetected:false
01-06 10:17:54.054873 INFO oam.net.ipsec[982]: reauth:false

========================================================

crypto ikev2 proposal iProposal
encryption aes-cbc-128
integrity sha1
group 2
!
crypto ikev2 policy iPolicy
match fvrf any
proposal iProposal
!
crypto ikev2 keyring innoKeyring
peer femto_cisco
address 10.253.4.206
pre-shared-key local i1234
pre-shared-key remote i1234
!
!
!
crypto ikev2 profile iProfile
match identity remote address 10.253.4.206 255.255.255.255
authentication remote pre-share key inno1234
authentication local pre-share
keyring local iKeyring
!
!
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set iTS esp-aes esp-sha-hmac
mode tunnel
!
crypto map iMap client configuration address respond
crypto map iMap 10 ipsec-isakmp
set peer 10.253.4.206
set transform-set iTS
set ikev2-profile iProfile
match address iAccesslist
!
crypto map iNewMap client configuration address respond
!
crypto map iNewmap client configuration address respond
!
interface Tunnel0
ip address negotiated
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.253.4.9 255.255.255.0
duplex auto
speed auto
no mop enabled
crypto map iMap
!
interface GigabitEthernet0/1
ip address 10.10.2.9 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan26
no ip address
crypto map iMap
!
ip local pool iPool 10.10.1.6
ip default-gateway 10.253.4.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 10.10.1.6 255.255.255.255 10.253.4.206
!
ip access-list extended iAccesslist
permit ip 10.10.2.0 0.0.0.255 host 10.10.1.6
!

1 Reply

Philip D'Ath
VIP Alumni

I don't completely understand the issue.

Do you want the 1941 to allocate an IP address to StrongSwan, like a user to site VPN?  You have it set up like a site to site VPN at the moment.  Do you even need to assign an IP address?

If you actually want a user to site VPN, take a look at this guide I wrote for AnyConnect using IKEv2 and certificates.  Pay attention to how I use a pool to give out the IP addresses.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html
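As an added illustration of the pool mechanism the reply points at (this is not the thread's config and not Philip's guide), here is the IKEv2 way for IOS to hand a virtual IP to a connecting peer: the address comes from an IKEv2 authorization policy that references the pool, and the peer lands on a virtual-template interface instead of the static crypto map. The AAA list name, policy name, IPsec profile name, virtual-template number and pool range are assumptions; the peer address and existing object names are taken from the posted config.

```cisco
! Added example, not the poster's configuration. The IKEv1-era
! "crypto map ... client configuration address respond" line in the post
! does not push an address to an IKEv2 peer; an IKEv2 authorization
! policy does.
!
! Caution: "aaa new-model" changes console/vty login behaviour, so confirm
! a local login still works before saving the config.
aaa new-model
aaa authorization network FLEX_AUTHOR local
!
! Virtual IPs handed to peers. The post has a single /32; a small range
! (assumed) lets more than one peer connect.
ip local pool iPool 10.10.1.6 10.10.1.20
!
! Config-mode attributes pushed to the peer come from this policy.
crypto ikev2 authorization policy iAuthorPolicy
 pool iPool
!
crypto ikev2 profile iProfile
 match identity remote address 10.253.4.206 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local innoKeyring
 ! PSK-authenticated peers are authorized against the local policy above
 aaa authorization group psk list FLEX_AUTHOR iAuthorPolicy
 virtual-template 1
!
crypto ipsec profile iIPsecProfile
 set transform-set iTS
 set ikev2-profile iProfile
!
! One virtual-access interface is cloned from this template per peer.
interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile iIPsecProfile
!
! With this in place, "crypto map iMap" should be removed from
! GigabitEthernet0/0 and Vlan26 so the template, not the static map,
! terminates the peer.
```

The peer only receives an address if it asks for one, so strongSwan needs leftsourceip=%config (ipsec.conf) or vips = 0.0.0.0 (swanctl.conf) on its side; show crypto ikev2 sa detail on the router then lists the address handed out under that peer's SA.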