Date: Tue, 05 Mar 2002 20:24:55 +0900
From: Shoichi Sakane <sakane@kame.net>
To: mlists@daydreamer.dk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Racoon/sainfo - 'no policy found'
Message-ID: <20020305202455H.sakane@kame.net>
In-Reply-To: Your message of "Tue, 5 Mar 2002 11:46:24 +0100" <005701c1c432$ff531b50$0301a8c0@dpws>
References: <005701c1c432$ff531b50$0301a8c0@dpws>
> Okay, I'll try drawing it then:
>
>                VPN
> Office 1---------
>                  \
>                   \
>                    === Main office
>                VPN /
> Office 2----------/
>
> Then my question is do I have to set any special parm. in order for the box
> at the main office to accept both tunnels? (I've seen several conf examples
> where the last part varies from require/use/unique and so on. But the
> function of those cmd's I couldn't find anything about?)

Suppose that the security gateway for office 1 is named SG1 and its
external IPv4 address is sg1. Similarly, the one for office 2 is named SG2
and sg2, and the one for the main office is named SGM and sgm. The network
address of office 1 is net1, similarly net2 and netm.

Then the security policy configuration on each security gateway is the
following.

on SG1:
	spdadd net1 netm any -P out esp/tunnel/sg1-sgm/require;
	spdadd netm net1 any -P in esp/tunnel/sgm-sg1/require;

on SG2:
	spdadd net2 netm any -P out esp/tunnel/sg2-sgm/require;
	spdadd netm net2 any -P in esp/tunnel/sgm-sg2/require;

on SGM:
	spdadd netm net1 any -P out esp/tunnel/sgm-sg1/require;
	spdadd net1 netm any -P in esp/tunnel/sg1-sgm/require;
	spdadd netm net2 any -P out esp/tunnel/sgm-sg2/require;
	spdadd net2 netm any -P in esp/tunnel/sg2-sgm/require;

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020305202455H.sakane>