setkey and -ctx
zbeeble at gmail.com
Tue Jul 19 18:56:13 UTC 2011
I have a Cisco ASA which expects a different tunnel for each IP that
I'm sending traffic to (ie: it expects a different tunnel per firewall
rule over there). It looks like I should have each SA in a different
domain on my side to do this --- so it looks like I should be using
the "-ctx" flag to setkey (or in /etc/ipsec.conf). But setkey appears
to reject this...
Is this unimplemented? Am I missing something?
More information about the freebsd-hackers