Hello

One of our IPSec gateways is multihomed. For this gateway I was trying
to set up IPSec in transport mode over the secondary internet interface,
using the following configuration.

--- snip ---
ike esp transport from $LOCAL_PEER to $REMOTE_PEER \
        psk 0xdeadbeef
--- snip ---

LOCAL_PEER is the external address of the secondary interface
REMOTE_PEER is the external address of the remote peer

When using this configuration isakmpd tries to set up IPSec by contacting
the remote peer over the first interface, and the remote host rejects
this setup because packets are coming from the wrong IP address.

When using the following configuration the setup succeeds.

--- snip ---
ike esp transport from $LOCAL_PEER to $REMOTE_PEER \
        local $LOCAL_PEER \
        psk 0xdeadbeef
--- snip ---

Specifying the 'local' keyword in transport seems an unnecessary and
double configuration to me, because the IP address is always the same
as the 'src' parameter. Is this correct or am I missing something?

        Regards Rob
