|
Posted by . on February 22, 2008, 3:58 am
If you were Registered and logged in, you could reply and use other advanced thread options > Hi,
>
> Please reply.
> Thanks
>
>
> > Hi,
>
> > I established two IPSEC tunnels terminating at one hub.
> > Configuration :
> > 1st tunnel : right subnet as 192.168.4.0/24
> > 2nd tunnel: right subnet as 192.168.0.0/16
>
> > Both the tunnels have same gateway as 172.16.28.108
>
> > I am using freeswan code.
>
> > Now what I am observing is that, if I disable the 192.168.4.0/24
> > tunnel, and send ping request to 192.168.4.1, the ICMP IPSEC SA is
> > negotiated for 2nd tunnel (supernet one which is already correctly
> > established.). Why this is happening.
>
> > Further, on continuous pinging (to machine on network 192.168.4.0/24),
> > a new IPSEC SA (for tunnel 192.168.0.0/26) is negotiated on every
> > request.
>
> > On debugging I found that when I disable a perticular tunnel, the path
> > corresponding to it is marked as trapped. Now klips capture the
> > outbound packets on the trapped path and tries to send it through
> > another closest matched active path. Thus in this scenrio, klips is
> > capturing the outbound packets destined for 192.168.4.0/24 subnet and
> > is trying to transfer it through 192.168.0.0/16. Is my inference
> > correct.
>
> > If this is the default behavior, then why IPSEC SA is being
> > renegotiated for every outbound ICMP packet. (IPSEC SA should be
> > established once and then used for every evey ping request)
>
> > Please if you have any hint or refernce then please do share it .
>
> > Thanking You
> > Anshul Makkar
Hi
IPSec tuto:
http://secure-vpn.com/PPTP-L2TP.rar
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map