Hello, A good way would be to ask the ops people on the other side. I myself assume that no CISCO IPsec implementation supports several subnets on a side in a CHILD_SA. Thus far it went fine.
Kind regards Noel Am 03.10.18 um 09:11 schrieb Volodymyr Litovka: > Hi Marco, > > just FYI: if you've hit this problem with Cisco - then there is an issue with > both ASA and IOS models: > https://community.cisco.com/t5/cisco-bug-discussions/cscue42170-ikev2-support-multi-selector-under-the-same-child-sa/td-p/3203894 > > On 5/11/18 1:10 PM, Marco Berizzi wrote: >> Hello everyone, >> >> Kindly I would like to ask, if there is a way to >> know if a remote IKEv2 peer supports multiple >> traffic selectors per CHILD_SA. >> >> For example strongswan is going to log this kind >> of message when tfc is not supported by the other >> IKEv2 peer: >> >> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding >> >> TIA >
signature.asc
Description: OpenPGP digital signature
