I wrote:

> Maybe another way is setting up a second tunnel to encrypt the traffic
> between the two outside interfaces of your gateways.

If you are using 4.0 then it is worth reading the manpage of
ipsec.conf(5). It has greatly improved since 3.9 and there is almost no
need to use isakmpd.conf/isakmpd.policy.

In your case, maybe a:


ike esp from <outside-gw1> to <outside-gw2>
ike esp from 10.16.0.0/16 to 10.1.0.0/16 peer <outside-gw2>


in the first gateway's ipsec.conf and a corresponding configuration on the
second gateway will do the work.


Ralph

-- 
--- Ralph Gessner ----------------------------------------------------
PGP: RSA:0xAEB9DC31  S/MIME:                           [EMAIL PROTECTED]
     DSS:0x566405B9  http://www.shryke.de/ca    [EMAIL PROTECTED]
----------------------------------------------------------------------
