On Fri, May 11 2007 at 08:13, [EMAIL PROTECTED] wrote: > ok i misinterpreted the man page, this is what i needed instead... > > ike esp from a.a.a.0/24 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218 > ike esp from x.x.x.142 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218 > ike esp from x.x.x.142 to y.y.y.218
> On 5/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > When using ipsec.conf to set up the vpn on redundant firewalls with carp > > on the outside interface, I noticed that the session is using the ip of the > > physical interface and not the ip of the carp interface which the remote end > > is listening for. When looking in the man pages there are options for local > > <localip> remote <peerip> but setting this up seems to give me a syntax > > error. I had this working a few days ago and now I cant seem to figure out > > what im doing wrong. Hi, I read somewhere on the list that you cannot assign IPs to the interfaces if you are using carp + pfsync + sasyncd. You should have only the carp IP set up. Is your config working ? Did you test failover ? Thanks, Claer
