Hi, We are in a very critical state of our project. Please fin gtime to respond to the issue below. I would be of great help to us
Thanks in advance, Ritu On 9/16/09, vivek bairathi <bairathi.vi...@gmail.com> wrote: > Hi, > > We have the requirement that traffic between same source-destination IPs > but > different source-destination ports is channeled through different > security associations > > Connetion Tunnel IP. Src IP Dst IP Src Port > Dst Port SA Ptr > 1 a.a.a.a 1.1.1.1 2.2.2.2 100 > 100 1 > 2 b.b.b.b 1.1.1.1 2.2.2.2 200 > 200 2 > > With above configuration, If we bring up Connection 1 a new policy is > created with tunnel IP a.a.a.a > > On bringing up connection 2, ref count of the previous policy is > incremented in the stack and the policy in the kernel is updated, > tunnel ip now being b.b.b.b > > Increasing reference count indicates that only a single SPD is used > for both SAs. If our understanding is correct, then what is the use of > creating 2 separate SAs? > As per our understanding 2 different policies should be created, so > that the traffic coming from different ports can be protected using > the to different SAs that have been created. > > Can our requirment of channelising traffic between same IPs but > different port into two separate SAs be achieved somehow using > charon? > > Please find attached the ipsec.conf files and the log files for your > reference. > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users