On Apr 12, 2005 9:37 AM, Fred Wright <fw at well dot com> wrote:
> On Tue, 5 Apr 2005, Chris Buechler wrote:
> > On Apr 5, 2005 3:18 PM, Jeroen Geusebroek <j dot geusebroek at gmail dot com>
> > > Again I would like to raise the question about routing multiple subnets over
> > > a single IPSEC tunnel.
> > http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html
> > CIDR summarizing them is equivalent to Cisco adding to match address.
> > If that isn't possible, it should be possible to add another IPsec
> > tunnel between the two endpoints. The above is tested and verified
> > from m0n0wall to m0n0wall.
> Which above? There are two cases.
> If parallel tunnels have been tested, was that with main mode or
> aggressive mode? In the former case, they'd have to use the same
> identifier, which shouldn't be a problem in theory but some
> implementations might not like it. I've even run across an implementation
> (not m0n0wall) that didn't seem to like parallel tunnels at all, but it
> was so flaky in general that it was hard to be sure of anything.
I used parallel tunnels in combination with aggressive mode. I've been
a test case since my last post and haven't encountered any problems (yet ;).
So I think it's fair to say that this will work in combination with a Cisco