Hello,

One of our IPSec gateways is multihomed. For this gateway I was trying to set up IPSec in transport mode over the secondary internet interface, using the following configuration.

--- snip ---
ike esp transport from $LOCAL_PEER to $REMOTE_PEER \
    psk 0xdeadbeef
--- snip ---

LOCAL_PEER is the external address of the secondary interface.
REMOTE_PEER is the external address of the remote peer.

When using this configuration, isakmpd tries to set up IPSec by contacting the remote peer over the first interface, and the remote host rejects this setup because packets are coming from the wrong IP address.

When using the following configuration, the setup succeeds.

--- snip ---
ike esp transport from $LOCAL_PEER to $REMOTE_PEER \
    local $LOCAL_PEER \
    psk 0xdeadbeef
--- snip ---

Specifying the 'local' keyword in transport seems an unnecessary and double configuration to me, because the IP address is always the same as the 'src' parameter.

Is this correct or am I missing something?

Regards

Rob