[Openswan Users] cisco pix ipsec again

Markus Feilner lists at feilner-it.net
Thu May 19 15:50:02 CEST 2005


On Monday, 16 May 2005 14:41, Paul Wouters wrote:
> On Mon, 16 May 2005, Markus Feilner wrote:
> > On Friday, 13 May 2005 18:06, Paul Wouters wrote:
> >> On Fri, 13 May 2005, Markus Feilner wrote:
> >>> As far as I know, the cisco pixs can add several hosts to an
> >>> existing tunnel.
> >>> Is something similar possible with ipsec under linux?
> >>
> >> Ahh, then this is just a terminology confusion. 

You are so right.

> >> These are actually
> >> separate phase 2's that happen to use the same phase 1. For openswan
> >> you just configure them as separate conns, and they will automatically
> >> re-use the same phase 1.
Right.

> > I guess I then must set my "leftsubnet=" to the host that should connect
> > (for every connection).
> > But in the Cisco Pix configuration they can configure hosts on both
> > sides.
> > Won't I run into routing problems with several tunnels to the same host?
>
> Nope. That is how it is supposed to be. One phase 1 shared with all phase 2
> SA's. The Cisco does the same thing, but lets you configure it differently.
>
> Paul

Thanks Paul !
And thanks to all of the list who helped me through this!

Funny:
What netmask is used by the pix for the tunnel?
I set up a pix here, you can add almost any host to an existing tunnel.
It opens a tunnel for every host2host connection, but does it use a /32 
netmask? 
I don't know, but am interested... how could I find that out?


-- 
With kind regards,
Markus Feilner
--
Feilner IT Linux & GIS 
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
phone +49 941 9465243 fax +49 941 9465244 mobile + +49 170 3027092
mail mfeilner at feilner-it.net web http://www.feilner-it.net
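
Added illustration (not part of the original message or of Openswan's own documentation): the "separate conns sharing one phase 1" layout discussed in this thread, written as an Openswan ipsec.conf fragment. The conn names, all addresses and the pre-shared-key choice are constructed assumptions, and the /32 selectors are only an assumed host-to-host case; each conn's subnets have to match what the peer proposes for that phase 2.

```conf
# /etc/ipsec.conf (Openswan) - constructed example.
# Public IPs are RFC 5737 documentation addresses, hosts are RFC 1918;
# none of these values come from the thread.

# Template holding what both tunnels have in common: the two gateways
# and the authentication method, i.e. the phase 1 (IKE) parameters.
# It has no auto= line, so it is never loaded as a tunnel by itself.
conn pix-base
    # assumed: public IP of the Linux/Openswan gateway
    left=192.0.2.1
    # assumed: public IP of the Cisco PIX
    right=198.51.100.1
    # assumed: pre-shared key stored in /etc/ipsec.secrets
    authby=secret

# First phase 2: one local host to one remote host.
conn pix-host-a
    also=pix-base
    leftsubnet=10.1.0.10/32
    rightsubnet=10.2.0.20/32
    auto=start

# Second phase 2: a different local host, same gateways.
# Because left/right and authby are identical, pluto negotiates this
# over the phase 1 already established for pix-host-a.
conn pix-host-b
    also=pix-base
    leftsubnet=10.1.0.11/32
    rightsubnet=10.2.0.20/32
    auto=start
```

With both conns up, `ipsec auto --status` lists one ISAKMP SA for the gateway pair and one IPsec SA per conn.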

