On Tue, 15 May 2018, Bobby Jones wrote:
> I have been beating my head against this for a while, and I'm hoping that
> someone can point me in the right direction.
>
> I have a number of IPSec tunnels established, mostly from libreswan to Cisco
> ASAs. Most are IKE v1, and in that case if I want to reach multiple hosts
> on the remote side I can have a formulation like this in my .conf file:
>
> conn test1
>     rightsubnet=192.168.1.111/255.255.255.255
>     rightsourceip=192.168.1.111
>     also=test_common
>     auto=start
>
> conn test2
>     rightsubnet=192.168.1.112/255.255.255.255
>     rightsourceip=192.168.1.112
>     also=test_common
>     auto=start
>
> However, if I use this syntax with IKEv2, I can start test1 and reach
> 192.168.1.111, but test2 will then not complete.

That should work. Can you provide more logs to see what is happening?

> This formulation gets me up to the point where I see "STATE_PARENT_I2: sent v2I2,
> expected v2R2" but then all I get is
> "STATE_PARENT_I2: retransmission".

Odd, you should always receive an answer to I2. Especially since you got
an answer to I1, so it shows no firewall is in the way.

Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan