Yes, but it is not an optimal solution in terms of scalability.
Philippe
On Nov 21, 2007, at 9:40 PM, Stig Thormodsrud wrote:
You can define multiple tunnels under the same peer to accomplish
that.
stig
From: Philippe Marcais [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 21, 2007 6:37 PM
To: Stig Thormodsrud
Cc: [EMAIL PROTECTED]
Subject: Re: [Vyatta-users] IPsec configuration
Then, it seems to me that the CLI should accept more than one line
of "local-subnet" to improve granularity on this "acl". I guess I
can use 0.0.0.0 for now.
Thanks Stig.
On 11/21/07, Stig Thormodsrud <[EMAIL PROTECTED]> wrote:
Think of it as an access-list where a packet's source/destination
addresses are compared to see if it should be encapsulated into the
tunnel. Those subnet commands do accept 0.0.0.0 such that anything
matches.
stig
From: [EMAIL PROTECTED] [mailto:vyatta-users-
[EMAIL PROTECTED] ] On Behalf Of Philippe Marcais
Sent: Wednesday, November 21, 2007 5:58 PM
To: [EMAIL PROTECTED]
Subject: [Vyatta-users] IPsec configuration
What is the purpose of the following configuration lines:
tunnel 1 {
    local-subnet: 192.168.0.0/24
    remote-subnet: 10.40.1.0/24
}
Why does the tunnel have to be linked to a local subnet? In fact, I
may have multiple local subnets from multiple interfaces or
sub-interfaces using this IPsec tunnel.
Same question regarding the remote subnet. I do have multiple
remote subnets that I'd like to reach out on the remote side.
Thanks,
Philippe
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
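
Added example, not part of the original thread and not Vyatta code: a small Python model of the access-list behaviour described above, where a packet's source and destination are compared against each tunnel's local-subnet and remote-subnet. The function names, the first-match ordering and the extra subnets 192.168.1.0/24 and 10.40.2.0/24 are assumptions made for illustration.

```python
import ipaddress
from itertools import product


def make_tunnels(local_subnets, remote_subnets):
    """One tunnel per (local, remote) pair, numbered from 1, as when
    several tunnels are defined under the same peer."""
    pairs = product(local_subnets, remote_subnets)
    return {
        n: (ipaddress.ip_network(loc), ipaddress.ip_network(rem))
        for n, (loc, rem) in enumerate(pairs, start=1)
    }


def select_tunnel(tunnels, src, dst):
    """Return the number of the first tunnel whose local-subnet contains
    src and whose remote-subnet contains dst, or None when the packet
    matches no tunnel and is therefore not encapsulated.
    First-match ordering is an assumption of this model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (local, remote) in sorted(tunnels.items()):
        if s in local and d in remote:
            return n
    return None


# Constructed sample: the subnets from the question plus one more per side.
LOCALS = ["192.168.0.0/24", "192.168.1.0/24"]
REMOTES = ["10.40.1.0/24", "10.40.2.0/24"]

# Granular selectors: tunnel count grows as len(LOCALS) * len(REMOTES).
specific = make_tunnels(LOCALS, REMOTES)
# Single catch-all tunnel: 0.0.0.0/0 on both sides matches anything.
catch_all = make_tunnels(["0.0.0.0/0"], ["0.0.0.0/0"])

if __name__ == "__main__":
    samples = [
        ("192.168.0.10", "10.40.1.5"),   # listed local -> listed remote
        ("192.168.1.10", "10.40.2.5"),   # second local -> second remote
        ("192.168.2.10", "10.40.1.5"),   # local subnet not listed
        ("192.168.0.10", "203.0.113.9"), # destination outside the remote site
    ]
    print("tunnels needed with specific selectors:", len(specific))
    for src, dst in samples:
        print(src, "->", dst,
              "| specific:", select_tunnel(specific, src, dst),
              "| catch-all:", select_tunnel(catch_all, src, dst))
```

With the catch-all selector the last sample, whose destination is not in any remote subnet, is still selected for the tunnel, while the specific selectors leave it unencapsulated.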