I have red that page many times and search for manual keying also. . But
that didn't answer my question. Anyway I got an answer from cisco group
saying that
Basically yes. Each line in your ACL actually builds a separate tunnel, with
unique SPI's. If you use manual keys, you can only provide one
I think your confusing SPI with a CBAC technology. AN spi is a
uni-directional IPSEC peer transform set hash (agreement on what your using
with your IPSEC PEER).
An SPI is made in each direction to each peer. The Access-list permits
flag traffic (matched by the router) as permitted for IPSEC.
Hi all,
We are impelementing IPSec manual site to site because other site doesn't
support IKE. I know that if you implement IPSec manual keying
-- ACL's for crypto map entries tagged as ipsec-manual are restricted to as
single permit entry and subsequent entries are ignored.
-- The SAs
3 matches
Mail list logo