[Openswan Users] cisco pix ipsec again

Paul Wouters paul at xelerance.com
Mon May 16 15:41:51 CEST 2005


On Mon, 16 May 2005, Markus Feilner wrote:

> On Friday, 13 May 2005 18:06, Paul Wouters wrote:
>> On Fri, 13 May 2005, Markus Feilner wrote:
>>> As far as I know, the cisco pixs can add several hosts to an
>>> existing tunnel.
>>> Is something similar possible with ipsec under linux?
>>
>> Ahh, then this is just a terminology confusion. These are actually
>> separate phase 2's that happen to use the same phase 1. For openswan
>> you just configure them as separate conns, and they will automatically
>> re-use the same phase 1.
>
> I guess I then must set my "leftsubnet=" to the host that should connect
> (for every connection).
> But in the Cisco Pix configuration they can configure hosts on both
> sides.
> Won't I run into routing problems with several tunnels to the same host?

Nope. That is how it is supposed to be. One phase 1 shared with all phase 2
SAs. The Cisco does the same thing, but lets you configure it differently.

Paul
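
Added example, not part of the original message: an ipsec.conf fragment showing the layout described above, with one conn per host pair and all of them naming the same two gateways so they share a single phase 1. The conn names, gateway addresses and inner host addresses are constructed placeholders, and PSK authentication is an assumption.

```conf
# /etc/ipsec.conf fragment (constructed example; every address is a placeholder)

# Parameters common to every tunnel towards the PIX. This conn has no auto=
# line, so it is never loaded on its own; it is only pulled in through also=.
conn pix-base
    left=192.0.2.10            # Openswan gateway, public address (assumed)
    right=198.51.100.20        # Cisco PIX, outside interface (assumed)
    authby=secret              # PSK lives in /etc/ipsec.secrets (assumed)

# One conn per protected host pair. Each one negotiates its own phase 2
# (IPsec SA); because left/right are identical, the existing phase 1
# (ISAKMP SA) to 198.51.100.20 is reused instead of a new one being set up.
conn pix-hostA-to-srv1
    also=pix-base
    leftsubnet=10.1.1.5/32     # single host behind the Openswan side
    rightsubnet=10.2.2.7/32    # single host behind the PIX
    auto=start

conn pix-hostA-to-srv2
    also=pix-base
    leftsubnet=10.1.1.5/32
    rightsubnet=10.2.2.9/32
    auto=start

conn pix-hostB-to-srv1
    also=pix-base
    leftsubnet=10.1.1.6/32
    rightsubnet=10.2.2.7/32
    auto=start
```

Each leftsubnet/rightsubnet pair has to match one host-pair entry configured on the PIX side; after the conns come up, `ipsec auto --status` should list one ISAKMP SA for the peer and one IPsec SA per conn.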

