I have successfully established an IPsec IKEv2 tunnel with a FortiGate 1200D/FortiOS v5.2.4.
It is the first device where I'm able to get multiple pairs of selectors per CHILD_SA. The tricky thing to pay attention to is the sequence of the comma-separated list in the remote_ts parameter. For example, this sequence was rejected by the remote peer:

    remote_ts = 192.168.32.0/24,10.20.29.75/32

with the following error message:

    [IKE] received TS_UNACCEPTABLE notify, no CHILD_SA built
    [IKE] failed to establish CHILD_SA, keeping IKE_SA

Instead, the following one was working:

    remote_ts = 10.20.29.75/32,192.168.32.0/24

Is this the expected behavior according to the RFC?