On Wed, May 02, 2007 at 03:26:36PM -0700, UNIX admin wrote: > > From a practical perspective, the rule syntax is > > very subtle. > > encr_algs aes encr_auth_algs sha1 > > ill use ESP with AES encryption and SHA1 > > authentication. > > > > encr_algs aes auth_algs sha1 > > ses ESP with AES encryption, AH with SHA1 > > authentication, incompatible > > with NAT. > > > > It's a common nuance that people sometimes miss. > > Thank you for the heads up. The thing that concerns me is to find out whether > the above works in Solaris 10, or is in OpenSolaris only.
It's been there since Solaris 8. Change "auth_algs" to "encr_auth_algs" and you'll be in MUCH better shape, I think. Dan
