Hello, colleagues!
There is a VPN scheme where two sites are connected with a VPN tunnel. Both peers are based on OpenBSD. The remote site does not have a static IP address, so the standard site-to-site VPN is not possible. This peer is configured as a remote VPN client. Here is its configuration in the ipsec.conf file:
    ike dynamic esp from 172.27.77.0/24 to { 192.168.254.0/24 192.168.200.0/24 192.168.252.0/24 } \
        peer x.x.x.x \
        aggressive auth hmac-sha1 enc 3des \
        quick auth hmac-sha1 enc aes-128 \
        srcid "username@domain" psk "<pre-shared-key>"
On the server I found the isakmpd.conf file with parameters for all VPNs terminated on the device. Specifically for this peer, the entry is the following:
    [username@domain]
    Authentication= <pre-shared-key>
As we can see, there are not as many parameters as we use on the Cisco VPN Client. No tunnel-group and no pre-shared key. (I think the mentioned 'pre-shared-key' is used in x-auth mode authentication.)
And now I need to replace the local OpenBSD server with an ASA5540 and configure it as a Remote Access VPN server for the peer.
If anybody has dealt with this kind of communication before, please help me configure the ASA5540 for this.
Thank you.