Re: IPSec : 2 different tunnels from/to the same subnets ?
From: Thierry TM. Michalowski (Thierry.Michalowski echotech.ch)
Date: Mon Nov 03 2003 - 08:12:31 CST
> >I wonder if it is possible at all, with isakmpd, to establish 2
> >different IPSec tunnels connecting the same subnets.
> >
> >
> Possible yes, with isakmpd I don't think so.
That's the essence of my question :-)
>
> >The connexions would be something like:
> >
> >192.168.20.x----BoxA (IP A1)---<IPSEC>---(IP B1) BoxB----192.168.30.x
> >192.168.20.x----BoxA (IP A2)---<IPSEC>---(IP B2) BoxB----192.168.30.x
> >
> >The idea being to enable both:
> >-connectivity redundancy
> >-traffic routing.
> >
> >
> Then you need to decide if you want round-robin, sending
> all packets duplicated, how you remove duplicates on the
> receiving and a lot of things like that.
Sure, to me these are routing issues: I don't want to duplicate packets,
what I want is like having two different network paths (say, switches)
in between the two subnets.
Routing is left for another topic :-)
> I'm doing something similar, but to do it I've written my own
> little piece of userland code to deal with these issues (I cannot
> provide the code, sorry)
Are you telling me that you're doing IKE as well?
I'm currently using isakmpd for IKE with X.509 authentication, but
on one route only.
I would be happy not to have to rewriter advice appreciated :-)
Cheers,
Thierry Michalowski