I think your confusing SPI with a "CBAC" technology. AN spi is a
uni-directional IPSEC peer transform set hash (agreement on what your using
with your IPSEC PEER).
An SPI is made in each direction to each peer. The Access-list permits
flag traffic (matched by the router) as "permitted for IPSEC".
I have red that page many times and search for manual keying also. . But
that didn't answer my question. Anyway I got an answer from cisco group
saying that
Basically yes. Each line in your ACL actually builds a separate tunnel, with
unique SPI's. If you use manual keys, you can only provide one s
2 matches
Mail list logo
