Hi,

On Wed, Oct 26, 2005 at 02:40:52PM -0400, Roy Morris wrote:
> I have been reading through the archives but have not found a reliable answer
> yet. I have recently been converting vpns from manual to isakmpd, with one
> of the other endpoints being a Cisco box. I can bring up a single subnet/IP
> no problem but if I try to add another phase2 connection it fails.
...
OK, maybe I'm missing the point here or am not fully understanding your problem, but something like the config below works for me. A single phase 1 SA is used to negotiate different phase 2 SAs. Note: both sides are OpenBSD boxes.

...
# One phase 2 section per subnet pair; all of them reference the same
# phase 1 peer, so only one ISAKMP SA is negotiated.
[IPsec-vpn7-vpn8]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-theothers
Configuration=		Default-quick-mode
Local-ID=		Net-vpn7
Remote-ID=		Net-vpn8

[IPsec-vpn9-vpn10]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-theothers
Configuration=		Default-quick-mode
Local-ID=		Net-vpn9
Remote-ID=		Net-vpn10

# Phase 2 identities (the subnets carried by each IPsec SA).
[Net-vpn7]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.7.0
Netmask=		255.255.255.0

[Net-vpn8]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.8.0
Netmask=		255.255.255.0

[Net-vpn9]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.9.0
Netmask=		255.255.255.0

[Net-vpn10]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.10.0
Netmask=		255.255.255.0
...
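The reply above shows only the phase 2 and identity sections. Below is a complete isakmpd.conf built around them, written here as an added example; it is not from the original poster, the reply, or the OpenBSD project. The gateway addresses 192.0.2.1 and 203.0.113.1, the pre-shared key, the [General] values and the transform/suite names are assumptions chosen for illustration. The part that matters for a second subnet pair is the [Phase 2] section: every phase 2 connection that should be brought up has to be listed there, comma separated, and each one points at the same phase 1 peer section.

```ini
# /etc/isakmpd/isakmpd.conf  (added example; addresses and key are assumed)

[General]
Retransmits=		5
Exchange-max-time=	120
Listen-on=		192.0.2.1

# Map the remote gateway address to its phase 1 peer section.
[Phase 1]
203.0.113.1=		ISAKMP-peer-theothers

# Every phase 2 connection to establish at startup. Adding a subnet pair
# without listing its section here is the usual reason a second
# connection never comes up.
[Phase 2]
Connections=		IPsec-vpn7-vpn8,IPsec-vpn9-vpn10

# One phase 1 peer, shared by all phase 2 connections below.
[ISAKMP-peer-theothers]
Phase=			1
Transport=		udp
Local-address=		192.0.2.1
Address=		203.0.113.1
Configuration=		Default-main-mode
Authentication=		example-psk-replace-me	# assumed pre-shared key

[IPsec-vpn7-vpn8]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-theothers
Configuration=		Default-quick-mode
Local-ID=		Net-vpn7
Remote-ID=		Net-vpn8

[IPsec-vpn9-vpn10]
Phase=			2
ISAKMP-peer=		ISAKMP-peer-theothers
Configuration=		Default-quick-mode
Local-ID=		Net-vpn9
Remote-ID=		Net-vpn10

[Net-vpn7]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.7.0
Netmask=		255.255.255.0

[Net-vpn8]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.8.0
Netmask=		255.255.255.0

[Net-vpn9]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.9.0
Netmask=		255.255.255.0

[Net-vpn10]
ID-type=		IPV4_ADDR_SUBNET
Network=		192.168.10.0
Netmask=		255.255.255.0

# Explicit main mode / quick mode parameters (names are the predefined
# isakmpd transform and suite identifiers; the choice of AES/SHA with PFS
# is an assumption, pick what the peer supports).
[Default-main-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		ID_PROT
Transforms=		AES-SHA

[Default-quick-mode]
DOI=			IPSEC
EXCHANGE_TYPE=		QUICK_MODE
Suites=			QM-ESP-AES-SHA-PFS-SUITE
```

After loading it, `netstat -rn -f encap` should show one flow pair per phase 2 section (and `ipsecctl -s all`, where available, lists both the flows and the SAs); if only the first pair appears, run `isakmpd -d -DA=50` and watch the quick mode exchange for the second connection. Against a non-OpenBSD peer such as a Cisco box, each Local-ID/Remote-ID pair must correspond exactly to the subnets the other side proposes for that SA, or that quick mode negotiation is rejected while the shared phase 1 SA stays up.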