Cheers. It worked beautifully.
Tiago
On 17-04-2015 08:27, Martin Willi wrote:
Hi,
Does %dynamic work in net2net? Or only in road-warrior scenarios?
If any has been negotiated, %dynamic resolves to the virtual IP for that
endpoint. If not, it resolves to the IKE endpoint address. It can be
Hi,
> Does %dynamic work in net2net? Or only in road-warrior scenarios?
If any has been negotiated, %dynamic resolves to the virtual IP for that
endpoint. If not, it resolves to the IKE endpoint address. It can be
used in either scenario, but has a slightly different behavior.
Regards
Martin
__
Thanks a lot for your prompt response!
Does %dynamic work in net2net? Or only in road-warrior scenarios?
Tiago
On 16-04-2015 17:14, Noel Kuntze wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
Yes, use %dynamic in rightsubnet as follows: rightsubnet=foo,bar,%dynamic
If you use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
Yes, use %dynamic in rightsubnet as follows: rightsubnet=foo,bar,%dynamic
If you use use IKEv1, you need to define several SAs for each combination of
subnets.
For IKEv2, the mentioned combination would be just fine.
Mit freundlichen Grüß
My understanding is that only traffic towards the subnets declared in:
rightsubnet
is tunnelled and, therefore, encrypted. Whereas traffic towards the IP
address of the remote gateway declared in:
right
is routed outside of the tunnel.
Example:
Gateway Sun address (WAN-facing): 1