Date:      Thu, 11 Mar 2004 10:29:51 +0100 (MET)
From:      Helge Oldach <helge.oldach@atosorigin.com>
To:        nicks@OntheNet.com.au (Nick Slager)
Cc:        net@freebsd.org
Subject:   Re: IPsec: odd behaviour with policies
Message-ID:  <200403110929.KAA27502@galaxy.hbg.de.ao-srv.com>
In-Reply-To: <20040310052556.GA33553@OntheNet.com.au> from Nick Slager at "Mar 10, 2004  6:25:56 am"

Nick Slager:
>I have a newly created VPN between a 4.8 box and a Cisco VPN 3000
>Concentrator.
>
>/etc/ipsec.conf:
>
>flush;
>spdflush;
>spdadd 192.168.1.1/32 1.2.3.4/32 any -P out ipsec
>esp/tunnel/203.1.1.1-203.2.2.2/require;
>spdadd 1.2.3.4/32 192.168.1.1/32 any -P in ipsec
>esp/tunnel/203.2.2.2-203.1.1.1/require;
>
>spdadd 192.168.1.1/32 1.2.3.5/32 any -P out ipsec
>esp/tunnel/203.1.1.1-203.2.2.2/require;
>spdadd 1.2.3.5/32 192.168.1.1/32 any -P in ipsec
>esp/tunnel/203.2.2.2-203.1.1.1/require;

Try using "unique" instead of "require".

(This is my standard answer on the subject. :-))

Helge


