IPSEC Interop problem with Cisco using multiple SA's
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Tue May 9 08:08:11 UTC 2006
On Mon, May 08, 2006 at 10:04:29PM -0500, David DeSimone wrote:
> Eugene M. Kim <ab at astralblue.net> wrote:
> >
> > I haven't tried this myself, but you may want to try using
> > "unique:<policy-id>" instead of "require" as the policy level
>
> After reading up on this behavior, I gave it a try, replacing all
> "require" policies with "unique". I found that there was no need to
> set a policy identifier, as the system apparently chooses a random
> identifier if none is specified, and so all SPD's create unique SAD's as
> a result.
To be more exact, you can set up a manual reqid between 1 and
IPSEC_MANUAL_REQID_MAX (0x3fff by default), or let the system take the
next available value from IPSEC_MANUAL_REQID_MAX+1.
Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
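As an added illustration of the change discussed in this thread (not part of the original message or of the FreeBSD/ipsec-tools documentation), the following setkey(8) policy file shows the same two tunnel policies written first with the `require` level and then with `unique:<reqid>`. All addresses and subnets are constructed placeholders; the reqid values 1 and 2 are arbitrary picks from the manual range 1 to IPSEC_MANUAL_REQID_MAX described above, and the comments about SA sharing are the assumption this thread is built on, not a claim verified against a Cisco peer.

```conf
# Constructed example, loaded with: setkey -f /etc/ipsec.conf
# Gateways: 192.0.2.1 (this host) and 198.51.100.1 (peer).
# Two protected subnets behind this host: 10.0.1.0/24 and 10.0.2.0/24.
# Remote subnet behind the peer: 172.16.0.0/24.

flush;
spdflush;

# --- Before: "require" ---------------------------------------------------
# Both policies name the same endpoints, mode and protocol, so a
# "require" level lets them be satisfied by the same ESP SA pair. The
# peer that expects one SA per selector pair then sees traffic for
# 10.0.2.0/24 arriving on the SA it negotiated for 10.0.1.0/24.
#
# spdadd 10.0.1.0/24 172.16.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
# spdadd 172.16.0.0/24 10.0.1.0/24 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
# spdadd 10.0.2.0/24 172.16.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
# spdadd 172.16.0.0/24 10.0.2.0/24 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;

# --- After: "unique:<reqid>" ---------------------------------------------
# Each policy pair carries its own reqid, so the kernel binds it to its own
# SA pair and racoon negotiates a separate SA (and separate selectors) for
# each subnet. The in and out policies for one flow share a reqid; the two
# flows use different ones. Manual reqids must lie in 1..IPSEC_MANUAL_REQID_MAX;
# writing plain "unique" instead lets the kernel assign one above that range.
spdadd 10.0.1.0/24 172.16.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique:1;
spdadd 172.16.0.0/24 10.0.1.0/24 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/unique:1;
spdadd 10.0.2.0/24 172.16.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique:2;
spdadd 172.16.0.0/24 10.0.2.0/24 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/unique:2;
```

After loading the file, `setkey -DP` lists each policy with its reqid, and once the tunnels are up `setkey -D` should show distinct SAD entries (different SPIs) per reqid rather than one shared pair; if a subnet's traffic still matches the other subnet's SA, the reqids were not applied to both directions of that flow.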