 From:  Jeroen Geusebroek <j dot geusebroek at gmail dot com>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC & Multiple subnets (again)
 Date:  Tue, 12 Apr 2005 11:07:27 +0200
On Apr 12, 2005 9:37 AM, Fred Wright <fw at well dot com> wrote:
> 
> 
> On Tue, 5 Apr 2005, Chris Buechler wrote:
> 
> > On Apr 5, 2005 3:18 PM, Jeroen Geusebroek <j dot geusebroek at gmail dot com> wrote:
> > > Again I would like to raise the question about routing multiple subnets over
> > > a single IPSEC tunnel.
> >
> > http://m0n0.ch/wall/docbook/faq-ipsec-multiple-subnets.html
> >
> > CIDR summarizing them is equivalent to Cisco adding to match address.
> > If that isn't possible, it should be possible to add another IPsec
> > tunnel between the two endpoints. The above is tested and verified
> > from m0n0wall to m0n0wall.
> 
> Which above? There are two cases.
> 
> If parallel tunnels have been tested, was that with main mode or
> aggressive mode? In the former case, they'd have to use the same
> identifier, which shouldn't be a problem in theory but some
> implementations might not like it. I've even run across an implementation
> (not m0n0wall) that didn't seem to like parallel tunnels at all, but it
> was so flaky in general that it was hard to be sure of anything.


I used parallel tunnels in combination with aggressive mode. I've been running
a test case since my last post and haven't encountered any problems (yet ;).

So I think it's fair to say that this will work in combination with a Cisco Pix.

--- 
Jeroen