This is confirmed to work?  I suppose that would resolve part of my
problem with 4314/system 

~BAS

On Thu, 2005-10-27 at 05:02, Runo Forrisdahl wrote:
> On Wed, Oct 26, 2005 at 02:40:52PM -0400, Roy Morris wrote:
> | I have been reading through the archives but have not found a reliable
> | answer
> | yet. I have recently been converting vpns from manual to isakmpd, with one
> | of the other endpoints being a Cisco box. I can bring up a single subnet/IP 
> | no problem but if I try to add another phase2 connection it fails. 
> | 
> | Does anyone have a config showing this setup? 
> 
> This config works for me after posting a similar question just a few days ago.
> 
> [Phase 1]
> 192.168.15.1=         cisco
> 
> [Phase 2]
> Connections=            tunnel-opengw-cisco,tunnel-opengw-cisco2
> 
> [peer-opengw]
> ID-type=                IPV4_ADDR
> Address=                192.168.20.13
> 
> [peer-cisco]
> ID-type=                IPV4_ADDR
> Address=                192.168.15.1
> 
> [net-opengw]
> ID-type=                IPV4_ADDR_SUBNET
> Network=                172.16.15.0
> Netmask=                255.255.255.0
> 
> [net-cisco]
> ID-type=                IPV4_ADDR_SUBNET
> Network=                10.0.0.0
> Netmask=                255.255.254.0
> 
> [net-cisco2]
> ID-type=                IPV4_ADDR_SUBNET
> Network=                10.0.2.0
> Netmask=                255.255.254.0
> 
> [cisco]
> Phase=                  1
> Transport=              udp
> Local-address=          192.168.20.13
> Address=                192.168.15.1
> Configuration=          main-mode
> Authentication=         Hemmelig
> 
> [opengw-net]
> Phase=                  1
> Network=                172.16.15.0
> Netmask=                255.255.255.0
> Configuration=          main-mode
> 
> [cisco-net]
> Phase=                  1
> Network=                10.0.0.0
> Netmask=                255.255.254.0
> Configuration=          main-mode
> 
> [cisco2-net]
> Phase=                  1
> Network=                10.0.2.0
> Netmask=                255.255.254.0
> Configuration=          main-mode
> 
> [tunnel-opengw-cisco]
> Phase=                  2
> ISAKMP-peer=            cisco
> Configuration=          quick-mode
> Local-ID=               net-opengw
> Remote-ID=              net-cisco
> 
> [tunnel-opengw-cisco2]
> Phase=                  2
> ISAKMP-peer=            cisco
> Configuration=          quick-mode
> Local-ID=               net-opengw
> Remote-ID=              net-cisco2
> 
> [rsa-main-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          ID_PROT
> Transforms=             3DES-SHA-RSA_SIG
> 
> [main-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          ID_PROT
> Transforms=             3DES-SHA
> 
> [quick-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          QUICK_MODE
> Suites=                 QM-ESP-3DES-SHA-SUITE
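
An added example, not part of the original thread or of isakmpd itself: a small Python check for the multi-connection setup quoted above. For every name in the [Phase 2] Connections list it confirms that a section exists, that Local-ID and Remote-ID resolve to Network/Netmask sections whose network is aligned to its mask, and that no two connections carry overlapping selector pairs. The function name lint_phase2 and the trimmed SAMPLE are assumptions made for illustration, and only subnet-style ID sections are handled.

```python
import configparser
import ipaddress

# Constructed sample: only the sections this check reads, with the networks
# from the quoted config, except net-cisco2 is misaligned for its /23 mask.
SAMPLE = """
[Phase 2]
Connections= tunnel-opengw-cisco,tunnel-opengw-cisco2
[net-opengw]
Network= 172.16.15.0
Netmask= 255.255.255.0
[net-cisco]
Network= 10.0.0.0
Netmask= 255.255.254.0
[net-cisco2]
Network= 10.0.1.0
Netmask= 255.255.254.0
[tunnel-opengw-cisco]
Local-ID= net-opengw
Remote-ID= net-cisco
[tunnel-opengw-cisco2]
Local-ID= net-opengw
Remote-ID= net-cisco2
"""

def lint_phase2(text):
    """Return problems with the Phase 2 connections of an isakmpd.conf."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # keep tag names exactly as written
    cfg.read_string(text)
    listed = cfg.get("Phase 2", "Connections", fallback="")
    problems, seen = [], {}
    for name in filter(None, (n.strip() for n in listed.split(","))):
        if not cfg.has_section(name):
            problems.append(f"{name}: listed in Connections but has no section")
            continue
        nets = []
        for tag in ("Local-ID", "Remote-ID"):
            try:
                ident = cfg[cfg[name][tag]]
                # strict parsing rejects a Network with host bits set
                nets.append(ipaddress.ip_network(f"{ident['Network']}/{ident['Netmask']}"))
            except (KeyError, ValueError) as err:
                problems.append(f"{name}: {tag}: {err}")
        for other, (loc, rem) in seen.items():
            if len(nets) == 2 and nets[0].overlaps(loc) and nets[1].overlaps(rem):
                problems.append(f"{name}: selectors overlap {other}")
        if len(nets) == 2:
            seen[name] = nets
    return problems
```

Calling lint_phase2 on the text of a real isakmpd.conf returns an empty list when every listed connection passes these checks.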
