 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Fred Weston <Fred at daytonawan dot com>
 Cc:  Peter Kulinski <peter at datafant dot se>, "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC tunnel with several SAs
 Date:  Tue, 20 Jan 2004 08:13:40 -0500
Fred Weston wrote:

> Peter Kulinski wrote:
>
>> Is it possible to define more than one SA rule for an IPSEC tunnel with
>> M0n0wall?
>>
>> LANHOME                            LANOFFICE (2)
>>
>> 192.168.1.0/24    <-->             192.168.10.0/24 and 192.168.11.0/24
>>
>> I can't find any information on doing this. I know that it's NOT possible
>> to solve this by doing 2 tunnels.
>>
>> Any idea?
>>
>> Regards
>>
>> \Peter
>>
> How about using 192.168.10.0/23 instead of 192.168.10.0/24 and 
> 192.168.11.0/24?
>
>
I've been asking this question for about 4 months now, with no answers 
from anyone.  :-(

If using the different bit mask works for this situation, it certainly 
won't work for all situations.  What if I have a 192.168.X.X network and 
a 10.X.X.X network on one side?  I certainly couldn't allow that with a 
bitmask change.  There must be a way, or racoon is severely limited in 
this manner.  I've used many other routers that could establish 2 
tunnels to 1 location, but it seems racoon cannot??  I'm still looking 
for confirmation on that though.

Chris
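
Added example, not part of the original messages: a Python check of when several remote subnets can be expressed as one tunnel selector, and how many unrequested addresses the single covering prefix would pull into the tunnel when they cannot. The function names are hypothetical, and the second and third inputs are constructed (192.168.0.0/16 and 10.0.0.0/8 stand in for the "192.168.X.X" and "10.X.X.X" networks mentioned above).

```python
import ipaddress

def covering_selector(subnets):
    """Smallest single prefix containing every subnet, plus what it over-covers.

    Returns (supernet, extra): extra is the list of address blocks the single
    prefix would pull into the tunnel although nobody asked for them.
    """
    wanted = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    # Widen the first block one bit at a time until it holds all the others.
    supernet = wanted[0]
    while not all(n.subnet_of(supernet) for n in wanted):
        supernet = supernet.supernet()
    # Carve each wanted block out of the supernet; the remainder is over-coverage.
    extra = [supernet]
    for n in wanted:
        remaining = []
        for block in extra:
            if n == block:
                continue                      # exactly a wanted block
            if n.subnet_of(block):
                remaining.extend(block.address_exclude(n))
            else:
                remaining.append(block)       # unrelated block, keep it
        extra = remaining
    return supernet, list(ipaddress.collapse_addresses(extra))

def extra_addresses(subnets):
    """Number of addresses covered by the single prefix but not requested."""
    return sum(b.num_addresses for b in covering_selector(subnets)[1])

if __name__ == "__main__":
    cases = [
        ["192.168.10.0/24", "192.168.11.0/24"],   # the pair from the thread
        ["192.168.0.0/16", "10.0.0.0/8"],         # constructed: 192.168.X.X + 10.X.X.X
        ["192.168.11.0/24", "192.168.12.0/24"],   # constructed: adjacent, not aligned
    ]
    for case in cases:
        net, extra = covering_selector(case)
        print(case, "->", net, "over-covers", extra_addresses(case), "addresses")
```

The /23 works only because 192.168.10.0/24 and 192.168.11.0/24 form an aligned pair; for the other inputs the covering prefix includes address space that would then need to be restricted by firewall rules on the tunnel.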