vpn trouble
Maciej Suszko
maciej at suszko.eu
Tue Jun 22 18:41:14 UTC 2010
"David DeSimone" <fox at verio.net> wrote:
> Maciej Suszko <maciej at suszko.eu> wrote:
> >
> > > So as you write they should set: ??
> > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90
> > > (other side)
> >
> > Yes, indeed.
> >
> > > And additionally I think I should correct set spd policy to:
> > >
> > > spdadd 10.20.0.1 10.10.1.90 any -P out ipsec
> > > esp/tunnel/78.x.x.x-95.x.x.x/require;
> > > spdadd 10.10.1.90 10.20.0.1 any -P in ipsec
> > > esp/tunnel/95.x.x.x-78.x.x.x/require;
> > >
> > > Am I wrong?
> >
> > No, you're right :)
> >
> > You can set up the tunnel first - check whether both 10. are
> > accessible from both sides, then you "cover" communication between
> > them with IPSEC.
>
> Will this sort of GIF tunnel interoperate with Cisco and/or Checkpoint
> VPN equipment? In our tests we were able to use pure IPSEC tunnel
> encapsulation to interoperate with these sorts of devices, so we never
> found a need for GIF encapsulation.
I'm not sure what's on the other side, AFAIK some hardware solution.
--
regards, Maciej Suszko.