Not every IPsec connection will be blocked, I tried for many times. It seems like:
1.Certificate based will certainly be blocked, PSK and IKEv2 is okay.
2.Avoid transmit ANY parameter in IKE, include leftid/rightid, key exchange process should as simple/fast as possible.
My solution: A very long and complex PSK for both left and right authentication, and avoid any parameter during IKE, not to define leftid/rightid.
No comments:
Post a Comment