>>The "strict-ip-check 0" simply allows the IP >>address to change *after* the tunnel has been established Thanks for clearing that.
I have a better idea now on how I might road warrior working. Not look at the " &prototype.validate_peer_ip" but have something like IP address/netmask. Do you think that would work? Regards Dom -----Original Message----- From: David F. Skoll [mailto:[EMAIL PROTECTED]] Sent: 09 January 2003 13:09 To: Cressatti, Dominique Cc: [EMAIL PROTECTED] Subject: RE: rp-l2tp On Thu, 9 Jan 2003, Cressatti, Dominique wrote: > Can you expand? because I tried the following: > ============= > # Peer section > section peer > peer 195.157.58.113 > So given that I have "strict-ip-check 0", I would think that > if am coming from 195.157.58.114 it would still work. Nope, because the source IP address is used to look up the secret and other parameters. The "strict-ip-check 0" simply allows the IP address to change *after* the tunnel has been established -- apparently, some systems send subsequent packets from a different IP address than the original packet. Regards, David.
