Date: Mon, 8 May 2006 22:04:29 -0500
From: David DeSimone <fox@verio.net>
To: freebsd-net@freebsd.org
Subject: Re: IPSEC Interop problem with Cisco using multiple SA's
Message-ID: <20060509030428.GA16965@verio.net>
In-Reply-To: <445FDB7B.1060704@astralblue.net>
References: <20060508220101.GA15248@verio.net> <445FDB7B.1060704@astralblue.net>

Eugene M. Kim <ab@astralblue.net> wrote:
>
> I haven't tried this myself, but you may want to try using
> "unique:<policy-id>" instead of "require" as the policy level

After reading up on this behavior, I gave it a try, replacing all "require" policies with "unique". I found that there was no need to set a policy identifier, as the system apparently chooses a random identifier if none is specified, and so all SPD's create unique SAD's as a result.

The result leads to exactly the behavior that I (and Cisco) expect to see, and my multiple tunnels are now fully operational.

Thank you for the help with this!

--
David DeSimone == Network Admin == fox@verio.net
"It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley
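
Added example, not part of the original message: a Python check that scans setkey(8) `spdadd` statements and reports tunnel endpoint pairs that carry more than one policy while some of those policies are not at the "unique" level, which is the configuration the change described above replaced. The policy lines, addresses (documentation ranges) and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed setkey(8) policy file; addresses are documentation ranges.
SAMPLE_CONF = """\
spdadd 10.1.0.0/24 10.9.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.2.0.0/24 10.9.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.3.0.0/24 10.8.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-203.0.113.7/unique;
spdadd 10.4.0.0/24 10.8.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-203.0.113.7/unique;
"""

# spdadd <src> <dst> <upperspec> -P <in|out> ipsec <rule> [<rule> ...];
POLICY_RE = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+([^;]+);", re.M)


def parse_policies(text):
    """Yield one dict per tunnel-mode rule found in spdadd statements."""
    for src, dst, direction, rules in POLICY_RE.findall(text):
        for rule in rules.split():
            parts = rule.split("/")  # protocol/mode/src-dst/level
            if len(parts) != 4 or parts[1] != "tunnel":
                continue  # transport mode or malformed rule: out of scope
            proto, _, endpoints, level = parts
            yield {"selector": f"{src} -> {dst}", "dir": direction,
                   "proto": proto, "endpoints": endpoints,
                   "level": level.split(":")[0]}  # "unique:<id>" -> "unique"


def shared_sa_risks(text):
    """Return endpoint pairs with several policies, some not 'unique'."""
    groups = defaultdict(list)
    for p in parse_policies(text):
        groups[(p["dir"], p["proto"], p["endpoints"])].append(p)
    findings = []
    for (direction, proto, endpoints), pols in sorted(groups.items()):
        loose = [p["selector"] for p in pols if p["level"] != "unique"]
        if len(pols) > 1 and loose:
            findings.append({"dir": direction, "proto": proto,
                             "endpoints": endpoints, "selectors": loose})
    return findings


if __name__ == "__main__":
    for f in shared_sa_risks(SAMPLE_CONF):
        print(f"{f['proto']} {f['dir']} {f['endpoints']}: not 'unique':",
              ", ".join(f["selectors"]))
```
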