On Thurs., Apr 01, 2010, Chris Buechler wrote:
>On Thu, Apr 1, 2010 at 2:21 PM, Michael wrote:
>> But how to do that without adding another tunnel? You see from the
>> LAN and OPT subnet numbers that they are not summarizable as
>> mentioned in the FAQ 15.26 (How can I route multiple subnets over
>> a site to site IPSec VPN.) And I don't want to set up new tunnels.
>There is no other option. It must match an SPD entry to go across
>IPsec, the routing table cannot send traffic over IPsec.
Okay, thanks for pointing it out. I guess I'll have to double my
IPSec tunnel configurations then, and give each OPT interface its
own tunnel to all of the other hosts (not very scalable.)
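
Added example, not part of the original thread: a small Python model of the SPD lookup discussed above, showing why traffic from a second, non-summarizable subnet is not carried by IPsec until it has its own policy. The subnets and the function names are constructed for illustration, and "summarizable" is taken strictly here as one prefix that covers exactly the listed subnets.

```python
import ipaddress as ip

# Constructed sample addressing (not from the thread): two local subnets
# that cannot be summarized into one prefix, and one remote subnet.
LAN = ip.ip_network("192.168.10.0/24")
OPT = ip.ip_network("172.16.5.0/24")
REMOTE = ip.ip_network("10.20.0.0/24")


def spd_lookup(spd, src, dst):
    """Return the first SPD entry whose selectors cover src and dst, else None.

    None means the packet is never handed to IPsec: it follows the normal
    routing table without protection, whatever routes are configured.
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for local, remote in spd:
        if s in local and d in remote:
            return (local, remote)
    return None


def exact_summary(nets):
    """Return the single prefix covering exactly `nets`, or None if none exists."""
    merged = list(ip.collapse_addresses(nets))
    return merged[0] if len(merged) == 1 else None


def policies_needed(local_nets, remote):
    """Minimal list of (local, remote) selector pairs that covers every local net."""
    return [(n, remote) for n in ip.collapse_addresses(local_nets)]


if __name__ == "__main__":
    spd = [(LAN, REMOTE)]  # one tunnel, defined for LAN only
    print("LAN host:", spd_lookup(spd, "192.168.10.7", "10.20.0.9"))
    print("OPT host:", spd_lookup(spd, "172.16.5.7", "10.20.0.9"))  # no match
    print("summary of LAN+OPT:", exact_summary([LAN, OPT]))
    spd = policies_needed([LAN, OPT], REMOTE)  # one entry per local subnet
    print("OPT host after adding policy:",
          spd_lookup(spd, "172.16.5.7", "10.20.0.9"))
```
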