Hi all,

I want to add the three SPD rules below.

   source       destination       protocol   action
1) 0.0.0.0/0    172.31.114.239    any        ipsec
2) 0.0.0.0/0    0.0.0.0/0         ah/esp     none
3) 0.0.0.0/0    0.0.0.0/0         any        discard

I tried adding these rules using Openswan. Only two rules are getting added to the Security Policy Database; the passthrough rule is not added (verified using the setkey tool).
Please find my ipsec.conf below.

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=
    oe=off
    nhelpers=0
    interfaces=%defaultroute

conn west-east
    left=172.31.114.245
    right=172.31.114.239
    leftsubnet=0.0.0.0/0
    keyexchange=ike
    auto=add
    auth=esp
    authby=secret
    pfs=no
    keylife=120m
    rekey=yes
    ikelifetime=240m
    keyingtries=0

conn drop
    left=172.31.114.245
    right=172.31.114.239
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    type=drop
    authby=never
    auto=route

conn passthrough
    left=172.31.114.245
    leftprotoport=ah
    right=172.31.114.239
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    type=passthrough
    authby=never
    auto=route

Please correct me if my configuration is wrong. It would be great if you could help me out on this.

Regards,
Saravanan N
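
An added example, not part of the original post: the setkey check mentioned in the message, automated. It parses a policy dump in the layout `setkey -DP` prints and lists which of the three intended rules are absent; the sample dump is constructed, and the names `parse_spd` and `missing_policies` are hypothetical.

```python
import re

# Intended policies from the post: (source, destination, protocol, action).
# Assumption: the "ah/esp" row is checked as two entries, one per protocol.
WANTED = [
    ("0.0.0.0/0", "172.31.114.239", "any", "ipsec"),
    ("0.0.0.0/0", "0.0.0.0/0", "ah", "none"),
    ("0.0.0.0/0", "0.0.0.0/0", "esp", "none"),
    ("0.0.0.0/0", "0.0.0.0/0", "any", "discard"),
]

# Constructed sample in the layout of `setkey -DP` (not output from the poster's host).
SAMPLE_DUMP = (
    "0.0.0.0/0[any] 172.31.114.239[any] any\n"
    "\tout prio def ipsec\n"
    "\tesp/tunnel/172.31.114.245-172.31.114.239/unique:1\n"
    "\tspid=1 seq=1 pid=100\n"
    "0.0.0.0/0[any] 0.0.0.0/0[any] any\n"
    "\tout prio def discard\n"
    "\tspid=9 seq=2 pid=100\n"
)

HEADER = re.compile(r"^(\S+)\[\S+\]\s+(\S+)\[\S+\]\s+(\S+)$")      # src[port] dst[port] proto
POLICY = re.compile(r"^\s+(in|out|fwd)\b.*\s(ipsec|none|discard)\s*$")
PROTO_NAMES = {"255": "any", "50": "esp", "51": "ah"}  # numeric forms some builds print

def parse_spd(dump):
    """Return a set of (src, dst, proto, direction, action) tuples."""
    entries, current = set(), None
    for line in dump.splitlines():
        m = HEADER.match(line)
        if m:
            src, dst, proto = m.groups()
            # Host selectors may be shown with or without /32; compare without it.
            current = (src.removesuffix("/32"), dst.removesuffix("/32"),
                       PROTO_NAMES.get(proto, proto))
            continue
        m = POLICY.match(line)
        if m and current:
            entries.add(current + m.groups())
            current = None
    return entries

def missing_policies(dump, wanted=WANTED, direction="out"):
    """List intended policies with no matching SPD entry in the given direction."""
    have = {(s, d, p, a) for s, d, p, dr, a in parse_spd(dump) if dr == direction}
    return [w for w in wanted if w not in have]

if __name__ == "__main__":
    for src, dst, proto, action in missing_policies(SAMPLE_DUMP):
        print(f"missing: {src} -> {dst} proto={proto} action={action}")
```

On a live host, pass the captured text of `setkey -DP` to `missing_policies` in place of `SAMPLE_DUMP`.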