IPSEC Interop problem with Cisco using multiple SA's
David DeSimone
fox at verio.net
Tue May 9 03:04:31 UTC 2006
Eugene M. Kim <ab at astralblue.net> wrote:
>
> I haven't tried this myself, but you may want to try using
> "unique:<policy-id>" instead of "require" as the policy level
After reading up on this behavior, I gave it a try, replacing all
"require" policies with "unique". I found that there was no need to
set a policy identifier, as the system apparently chooses a random
identifier if none is specified, and so all SPD's create unique SAD's as
a result.
The result leads to exactly the behavior that I (and Cisco) expect to
see, and my multiple tunnels are now fully operational.
Thank you for the help with this!
--
David DeSimone == Network Admin == fox at verio.net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous. -- Robert Benchley
More information about the freebsd-net
mailing list
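
The change described in the message above, sketched as a setkey.conf fragment. This is an added illustration, not configuration from the original post: the subnets and gateway addresses are constructed (documentation ranges), and the assumed layout is two local subnets tunnelled to one remote gateway, with SAs negotiated by an IKE daemon.

```conf
# Constructed example: 192.0.2.1 is the local gateway, 198.51.100.1 the
# remote (Cisco) gateway. All addresses are placeholders.

flush;
spdflush;

# Before: level "require". Both policies name the same tunnel endpoints,
# so they can be satisfied by a single SA pair between the gateways.
# spdadd 10.1.1.0/24 10.2.0.0/24 any -P out ipsec
#     esp/tunnel/192.0.2.1-198.51.100.1/require;
# spdadd 10.1.2.0/24 10.2.0.0/24 any -P out ipsec
#     esp/tunnel/192.0.2.1-198.51.100.1/require;

# After: level "unique". Each policy is tied to its own SA, which matches
# a peer that expects one SA pair per protected subnet pair. No explicit
# "unique:<policy-id>" is given here, as in the message above.
spdadd 10.1.1.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/unique;
spdadd 10.1.2.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/unique;

# Matching inbound policies, endpoints reversed.
spdadd 10.2.0.0/24 10.1.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.1/unique;
spdadd 10.2.0.0/24 10.1.2.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.1/unique;
```

After loading the file with setkey -f, setkey -DP lists the installed policies and setkey -D lists the SAs, which is where a separate SA pair per policy should be visible once traffic has flowed on each tunnel.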