Timo Teras <timo.teras@...> writes:

> 
> This is the only setup I've been using. That is having wildcard 0/0
> policies to protect all traffic.
> 
> I generally prefer the wildcard policy setup; but I can also understand
> that in some circumstances having node-to-node specific policies might
> be preferable. Unfortunately I have no experience with that.
> 
> /Timo
> 
> 

Timo,

Thanks for the reply.  Unfortunately this solution falls down if you have
multiple spokes behind the same NAT since IPSec does not know which tunnel
to send the NHRP packet to.

Without the NAT, I config the HUB's IPsec with "generate_policy unique" and
that solves it.

Scott




_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
