Then it seems to me that the CLI should accept more than one line of
"local-subnet" to improve granularity on this "acl". I guess I can use
0.0.0.0 for now.

Thanks Stig.


On 11/21/07, Stig Thormodsrud <[EMAIL PROTECTED]> wrote:
>
>  Think of it as an access-list where a packet's source/destination
> addresses are compared to see if it should be encapsulated into the tunnel.
> Those subnet commands do accept 0.0.0.0 such that anything matches.
>
>
>
> stig
>
>
>   ------------------------------
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Philippe Marcais
> *Sent:* Wednesday, November 21, 2007 5:58 PM
> *To:* [EMAIL PROTECTED]
> *Subject:* [Vyatta-users] IPsec configuration
>
>
>
> What is the purpose of the following configuration line:
>
>
>
>                 tunnel 1 {
>                     local-subnet: 192.168.0.0/24
>                     remote-subnet: 10.40.1.0/24
>
>
>
> Why does the tunnel have to be linked to a local subnet? In fact, I may have
> multiple local subnets from multiple interfaces or sub-interfaces using this
> IPsec tunnel.
>
> Same question regarding the remote subnet. I do have multiple remote
> subnets that I'd like to reach on the remote side.
>
>
>
> Thanks,
>
> Philippe
>
>
>
>
>
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
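
The access-list behaviour described in this thread, as an added example that is not part of the original messages and is not Vyatta code: each tunnel carries one local/remote subnet pair, and a packet is encapsulated only if both its addresses match a pair. The second tunnel, the sample packets, the first-match order and the `0.0.0.0/0` prefix notation are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed selector tables. "tunnel 1" uses the subnets quoted in the thread;
# "tunnel 2" is a hypothetical second tunnel covering another local subnet.
NARROW = [
    {"name": "tunnel 1", "local": "192.168.0.0/24", "remote": "10.40.1.0/24"},
    {"name": "tunnel 2", "local": "192.168.1.0/24", "remote": "10.40.1.0/24"},
]
# Same peer, but with the match-anything local subnet mentioned in the reply.
CATCH_ALL = [
    {"name": "tunnel 1", "local": "0.0.0.0/0", "remote": "10.40.1.0/24"},
]

def select_tunnel(src, dst, tunnels):
    """Return the first tunnel whose selectors match the packet, else None.

    None means the packet is not encapsulated and follows normal routing,
    which is worth auditing: it leaves the host outside IPsec protection.
    """
    s, d = ip_address(src), ip_address(dst)
    for t in tunnels:
        if s in ip_network(t["local"]) and d in ip_network(t["remote"]):
            return t["name"]
    return None

def audit(packets, tunnels):
    """Map each (src, dst) pair to the tunnel that would carry it."""
    return {(s, d): select_tunnel(s, d, tunnels) for s, d in packets}

# Constructed sample traffic (outbound direction only).
PACKETS = [
    ("192.168.0.10", "10.40.1.5"),   # first local subnet to the remote subnet
    ("192.168.1.10", "10.40.1.5"),   # second local subnet to the remote subnet
    ("192.168.2.10", "10.40.1.5"),   # local subnet with no selector defined
    ("192.168.0.10", "10.40.2.5"),   # remote subnet with no selector defined
]

if __name__ == "__main__":
    for label, table in (("narrow", NARROW), ("catch-all", CATCH_ALL)):
        print(label)
        for (s, d), name in audit(PACKETS, table).items():
            print(f"  {s} -> {d}: {name or 'not encapsulated'}")
```

With the narrow table, traffic from an unlisted local subnet stays outside the tunnel; with the catch-all local subnet, every source heading to the remote subnet is encapsulated, so any source filtering has to be done elsewhere.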