On 2013-09-12, Andy <a...@brandwatch.com> wrote:
> In addition to using isakmpd debug 'isakmpd -D A=99 -d'
>
> You also need to configure the policies in ipsec.conf to use 'dynamic'
> and not any of the other manual modes (man ipsec.conf) "The dynamic mode
> will additionally enable Dead Peer Detection (DPD) and use the local
> hostname as the identity of the local peer, if not specified by the
> srcid parameter."
>
> Dynamic is required to negotiate PFS with the other side I believe.

"Dynamic" is not needed, but IKE is needed (i.e. not manual flows).
