Date: Tue, 19 Jul 2011 14:25:39 -0400 From: Zaphod Beeblebrox <zbeeble@gmail.com> To: freebsd-hackers@freebsd.org Subject: setkey and -ctx Message-ID: <CACpH0MeMKxuiTx7yDdGD%2BPvhSwnXpnO-xJAT_14uWh9Dia51yQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have a Cisco ASA which expects a different tunnel for each IP that I'm sending traffic to (ie: it expects a different tunnel per firewall rule over there). It looks like I should have each SA in a different domain on my side to do this --- so it looks like I should be using the "-ctx" flag to setkey (or in /etc/ipsec.conf). But setkey appears to reject this... Is this unimplemented? Am I missing something?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACpH0MeMKxuiTx7yDdGD%2BPvhSwnXpnO-xJAT_14uWh9Dia51yQ>