Frederic Detienne writes: > And like I said earlier, the amount of negotiation when there are > multiple prefixes to protect is limited to one. With "modern ipsec > tunneling" (got to love that), there is still a lot of negotiation > going on.
I do not understand what you are trying to say there. > We are talking about potentially hundreds of subnets behind a branch > here. Really? There must be something really, really wrong in their IP-address allocation in that case. Usually the one branch has only few subnets as it would make adminstration really hard if you put hundreds of separate subnets in the same branch office. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec