From: Shoichi Sakane <sakane@kame.net>
To: mlists@daydreamer.dk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Racoon/sainfo - 'no policy found'
Date: Tue, 05 Mar 2002 20:24:55 +0900
Message-Id: <20020305202455H.sakane@kame.net>
In-Reply-To: <005701c1c432$ff531b50$0301a8c0@dpws>

> Okay, I'll try drawing it then:
>
>                 VPN
> Office 1---------
>                   \
>                    \
>                     === Main office
>                 VPN /
> Office 2----------/
>
> Then my question is: do I have to set any special parm. in order for the box
> at the main office to accept both tunnels? (I've seen several conf examples
> where the last part varies between require/use/unique and so on, but I
> couldn't find anything about the function of those cmds.)

Suppose that the security gateway for office 1 is named SG1 and its external
IPv4 address is sg1. Similarly, the one for office 2 is named SG2 with address
sg2, and the one for the main office is named SGM with address sgm. The network
address of office 1 is net1; similarly net2 for office 2 and netm for the main
office.
Then the security policy configuration on each security gateway is the
following.

on SG1:

    spdadd net1 netm any -P out esp/tunnel/sg1-sgm/require;
    spdadd netm net1 any -P in esp/tunnel/sgm-sg1/require;

on SG2:

    spdadd net2 netm any -P out esp/tunnel/sg2-sgm/require;
    spdadd netm net2 any -P in esp/tunnel/sgm-sg2/require;

on SGM:

    spdadd netm net1 any -P out esp/tunnel/sgm-sg1/require;
    spdadd net1 netm any -P in esp/tunnel/sg1-sgm/require;
    spdadd netm net2 any -P out esp/tunnel/sgm-sg2/require;
    spdadd net2 netm any -P in esp/tunnel/sg2-sgm/require;
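The hub-and-spoke SPD above, generalized to any number of spokes as an added example that is not from the original mail: a POSIX sh script that emits the setkey(8) spdadd lines for each gateway and checks that the hub (SGM) carries the mirror image of every spoke policy, which is exactly the pairing the hub needs to accept both tunnels. The network and gateway addresses in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original mail: emit the setkey(8) SPD
# entries for a hub-and-spoke IPsec layout with one hub (SGM) and any
# number of spokes, and check that the hub carries the mirror image of
# every spoke policy.  All addresses below are constructed placeholders.

# spd_pair NET_LOCAL NET_REMOTE GW_LOCAL GW_REMOTE
# The out/in policy pair one gateway needs for a single ESP tunnel.
spd_pair() {
    printf 'spdadd %s %s any -P out esp/tunnel/%s-%s/require;\n' "$1" "$2" "$3" "$4"
    printf 'spdadd %s %s any -P in esp/tunnel/%s-%s/require;\n' "$2" "$1" "$4" "$3"
}

# spoke_spd NET_N SG_N NET_M SG_M: the policies for spoke gateway SGn.
spoke_spd() { spd_pair "$1" "$3" "$2" "$4"; }

# hub_spd NET_M SG_M "NET_1 SG_1" "NET_2 SG_2" ...: one pair per spoke,
# so adding a site means adding one more "net gw" argument, nothing else.
hub_spd() {
    netm=$1; sgm=$2; shift 2
    for spoke in "$@"; do
        set -- $spoke
        spd_pair "$netm" "$1" "$sgm" "$2"
    done
}

# mirror_ok SPOKE_SPD HUB_SPD: every spoke policy must appear on the hub
# with only the direction flipped; returns 1 on the first missing entry.
mirror_ok() {
    want=$(printf '%s\n' "$1" | sed 's/-P out /-P IN /; s/-P in /-P out /; s/-P IN /-P in /')
    while IFS= read -r line; do
        printf '%s\n' "$2" | grep -qxF -- "$line" || return 1
    done <<EOF
$want
EOF
}

# Demo with constructed addresses (RFC 5737 range for the gateways).
NETM=10.0.0.0/24 SGM=192.0.2.1
NET1=10.0.1.0/24 SG1=192.0.2.11
NET2=10.0.2.0/24 SG2=192.0.2.12
echo "# SG1"; spoke_spd "$NET1" "$SG1" "$NETM" "$SGM"
echo "# SG2"; spoke_spd "$NET2" "$SG2" "$NETM" "$SGM"
echo "# SGM"; hub_spd "$NETM" "$SGM" "$NET1 $SG1" "$NET2 $SG2"
mirror_ok "$(spoke_spd "$NET1" "$SG1" "$NETM" "$SGM")" \
          "$(hub_spd "$NETM" "$SGM" "$NET1 $SG1" "$NET2 $SG2")" && echo "# SG1 <-> SGM policies match"
```

Run it with sh and paste each gateway's section into that gateway's setkey -f file; mirror_ok failing means a spoke has a tunnel the hub was never told about, which is what produces a "no policy found" for that direction.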