On Apr 12, 2005 9:37 AM, Fred Wright <fw at well dot com> wrote:
>
> On Tue, 5 Apr 2005, Chris Buechler wrote:
>
> > On Apr 5, 2005 3:18 PM, Jeroen Geusebroek <j dot geusebroek at gmail dot com> wrote:
> > > Again I would like to raise the question about routing multiple subnets over
> > > a single IPSEC tunnel.
> >
> > http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html
> >
> > CIDR summarizing them is equivalent to Cisco adding to match address.
> > If that isn't possible, it should be possible to add another IPsec
> > tunnel between the two endpoints. The above is tested and verified
> > from m0n0wall to m0n0wall.
>
> Which above? There are two cases.
>
> If parallel tunnels have been tested, was that with main mode or
> aggressive mode? In the former case, they'd have to use the same
> identifier, which shouldn't be a problem in theory but some
> implementations might not like it. I've even run across an implementation
> (not m0n0wall) that didn't seem to like parallel tunnels at all, but it
> was so flaky in general that it was hard to be sure of anything.

I used parallel tunnels in combination with aggressive mode. I've been running a test case since my last post and haven't encountered any problems (yet ;). So I think it's fair to say that this will work in combination with a Cisco Pix.

---
Jeroen