Hello, define two connections, one restricting the protocol to ssh and the second one to tftp:

conn ssh
    also=hosts
    leftprotoport=tcp
    rightprotoport=tcp/ssh
    auto=add

conn tftp
    also=hosts
    leftprotoport=udp
    rightprotoport=udp/tftp

conn hosts
    left=
    right=
    #common definitions

Regards

Andreas

On 23.08.2011 16:38, kvunn...@rockwellcollins.com wrote:
>
> Thanks Andreas.
> We have made some progress by following these steps...
>
> 1] Created a Static Firewall Policy allowing Traffic for UDP port
> 500. *PFA Configuration File* *for Strongswan*.
> 2] It is noticed that the Tunnel was established by dynamically adding a
> Matching policy for IPSEC.
> 3] Now the Requirement is to send Only SSH/TFTP Encrypted Traffic over
> this Tunnel.
>
> Can you please let me know the Steps to achieve the Last Requirement?
> Also please note that this Traffic is not to be allowed once the Tunnel
> goes down.
>
> Looking forward to the reply!
>
> -Best Regards,
> VKS.
>
>
> *Andreas Steffen <andreas.stef...@strongswan.org>*
> 08/23/2011 01:39 AM
>
> To: kvunn...@rockwellcollins.com
> cc: users@lists.strongswan.org
> Subject: Re: [strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based
> Firewall Rules
>
>
> IPsec policy based rules are installed with the standard _updown
> script which is activated with the ipsec.conf parameter
>
> leftfirewall=yes
>
> Regards
>
> Andreas
>
> On 08/22/2011 05:05 PM, kvunn...@rockwellcollins.com wrote:
>>
>> Hi Guys,
>> we have a requirement related to IPSEC-Policy-based Firewall Rules.
>>
>> Steps we followed:
>> 1] Configured the ipsec.conf with the parameter "leftupdown=<Script Path>".
>> 2] Created the script and kept it at the right place.
>>
>> Once the IKEv1 based Tunnel was UP, it was expected that Execution of
>> the script would happen. But that's not happening.
>>
>> Please let me know the Right way to Configure the "Automatic
>> Addition/Deletion of Ipsec-Policy-based Firewall Rules".
>>
>> -Thanks in Advance,
>> VKS.

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
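
The firewall side of this thread (a leftupdown= script combined with the ssh/tftp protoport selectors), as an added example that is not code from either poster or from strongSwan: a hypothetical updown hook that accepts only IPsec-protected packets for the negotiated protocol and port, and deletes the rules again when the tunnel goes down. It assumes a default-DROP iptables policy and that this host is the ssh/tftp client; the function names and DRY_RUN are illustrative.

```shell
#!/bin/sh
# Added example: hypothetical leftupdown hook, not strongSwan's shipped _updown.
# strongSwan passes connection details to the hook in PLUTO_* variables.

# Map the numeric IP protocol from PLUTO_PEER_PROTOCOL to an iptables name.
proto_name() {
    case "$1" in
        6)  echo tcp ;;
        17) echo udp ;;
        *)  return 1 ;;   # anything else is outside the ssh/tftp policy
    esac
}

# Print one iptables argument line per direction; $1 is -I (up) or -D (down).
# Assumes this host is the client, so the service port is the peer's port.
build_rules() {
    proto=$(proto_name "$PLUTO_PEER_PROTOCOL") || return 1
    # Port 0 means "any port", too broad for a per-service rule.
    [ "${PLUTO_PEER_PORT:-0}" -gt 0 ] || return 1
    pol="-m policy --pol ipsec"   # match only packets covered by an IPsec policy
    echo "$1 OUTPUT -o $PLUTO_INTERFACE -p $proto -s $PLUTO_ME -d $PLUTO_PEER" \
         "--dport $PLUTO_PEER_PORT $pol --dir out -j ACCEPT"
    echo "$1 INPUT -i $PLUTO_INTERFACE -p $proto -s $PLUTO_PEER -d $PLUTO_ME" \
         "--sport $PLUTO_PEER_PORT $pol --dir in -j ACCEPT"
}

# Translate the verb in PLUTO_VERB into rule insertion or deletion.
rules_for_verb() {
    case "$PLUTO_VERB" in
        up-host|up-client)     build_rules -I ;;
        down-host|down-client) build_rules -D ;;
        *)                     return 0 ;;   # other verbs: nothing to do here
    esac
}

# Act only when strongSwan invoked the hook; DRY_RUN=1 prints the commands.
if [ -n "${PLUTO_VERB:-}" ]; then
    rules=$(rules_for_verb) || exit 1
    echo "$rules" | while read -r args; do
        [ -n "$args" ] || continue
        if [ -n "${DRY_RUN:-}" ]; then echo "iptables $args"; else iptables $args; fi
    done
fi
```

The inbound rule matches on the peer's source port, which covers SSH replies. A TFTP server answers from a newly chosen port (RFC 1350), so a rule or selector pinned to port 69 matches only the initial request.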