Re: IPSec : 2 different tunnels from/to the same subnets ?

From: Hakan Olsson (horfc.se)
Date: Mon Nov 03 2003 - 11:52:51 CST


On Mon, 3 Nov 2003, Cedric Berger wrote:

> Thierry TM. Michalowski wrote:
>
> >Hi,
> >
> >I wonder if it is possible at all, with isakmpd, to establish 2
> >different IPSec tunnels connecting the same subnets.
> >
> >
> Possible yes, with isakmpd I don't think so.
>
> >The connections would be something like:
> >
> >192.168.20.x----BoxA (IP A1)---<IPSEC>---(IP B1) BoxB----192.168.30.x
> >192.168.20.x----BoxA (IP A2)---<IPSEC>---(IP B2) BoxB----192.168.30.x

As isakmpd does not care (well, apart from what isakmpd.policy may
restrict) what networks are set up in phase 2, this setup should be quite
possible. I.e. using the "same networks" is definitely ok.

The problem will be routing, as usual in redundancy situations. That is in
part the "normal" IP routing, but mostly the "IPsec routing", i.e. getting
the boxes to select which of the two outbound IPsec SAs to use for
encryption.

/H
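As an added illustration of the reply's point (not a configuration from the thread or from the isakmpd project), here is a minimal isakmpd.conf sketch for BoxA with two phase-2 connections, one per peer-address pair, that reference the same Local-ID/Remote-ID network sections. Peer addresses, section names and pre-shared keys are placeholders, and Default-main-mode/Default-quick-mode are assumed to be isakmpd's built-in default configurations.

```ini
# Added example: BoxA with A1=192.0.2.1, A2=192.0.2.2 talking to
# BoxB at B1=198.51.100.1, B2=198.51.100.2 (all placeholder addresses).
[Phase 1]
198.51.100.1=   peer-B1
198.51.100.2=   peer-B2

[Phase 2]
Connections=    IPsec-A1-B1,IPsec-A2-B2

# One phase-1 peer per address pair: B1 reached from A1, B2 from A2.
[peer-B1]
Phase=          1
Transport=      udp
Local-address=  192.0.2.1
Address=        198.51.100.1
Configuration=  Default-main-mode
Authentication= placeholder-psk-B1

[peer-B2]
Phase=          1
Transport=      udp
Local-address=  192.0.2.2
Address=        198.51.100.2
Configuration=  Default-main-mode
Authentication= placeholder-psk-B2

# Both phase-2 connections use the same Net-A/Net-B sections:
# isakmpd itself does not object to identical networks in phase 2.
[IPsec-A1-B1]
Phase=          2
ISAKMP-peer=    peer-B1
Configuration=  Default-quick-mode
Local-ID=       Net-A
Remote-ID=      Net-B

[IPsec-A2-B2]
Phase=          2
ISAKMP-peer=    peer-B2
Configuration=  Default-quick-mode
Local-ID=       Net-A
Remote-ID=      Net-B

[Net-A]
ID-type=        IPV4_ADDR_SUBNET
Network=        192.168.20.0
Netmask=        255.255.255.0

[Net-B]
ID-type=        IPV4_ADDR_SUBNET
Network=        192.168.30.0
Netmask=        255.255.255.0
```

Which of the two resulting outbound SAs the kernel actually picks for traffic to 192.168.30.x is the "IPsec routing" question the reply raises; this file negotiates both tunnels but does not settle that selection.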