Then, it seems to me that the CLI should accept more than one line of "local-subnet" to improve granularity on this "acl". I guess I can use 0.0.0.0 for now.

Thanks Stig.

On 11/21/07, Stig Thormodsrud <[EMAIL PROTECTED]> wrote:
> Think of it as an access-list where a packet's source/destination
> addresses are compared to see if it should be encapsulated into the tunnel.
> Those subnet commands do accept 0.0.0.0 such that anything matches.
>
> stig
>
> ------------------------------
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of* Philippe Marcais
> *Sent:* Wednesday, November 21, 2007 5:58 PM
> *To:* [EMAIL PROTECTED]
> *Subject:* [Vyatta-users] IPsec configuration
>
> What is the purpose of the following configuration line;
>
> tunnel 1 {
>     local-subnet: 192.168.0.0/24
>     remote-subnet: 10.40.1.0/24
>
> Why does the tunnel have to be linked to a local subnet? In fact, I may have
> multiple local subnets from multiple interfaces or sub-interfaces using this
> IPsec tunnel.
>
> Same question regarding the remote subnet. I do have multiple remote
> subnets that I'd like to reach out on the remote side.
>
> Thanks,
>
> Philippe
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
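The access-list behaviour described in the thread, modelled as an added example (not part of the original messages and not Vyatta code): a packet is encapsulated only when its source falls in a local-subnet and its destination in the paired remote-subnet. The second subnet pair, the sample flows, the first-match order and the explicit `/0` on the wildcard are assumptions made for illustration.

```python
import ipaddress

def selector(local, remote):
    """One (local-subnet, remote-subnet) pair, parsed into network objects."""
    return ipaddress.ip_network(local), ipaddress.ip_network(remote)

def match(selectors, src, dst):
    """Return the first pair whose local-subnet contains src and whose
    remote-subnet contains dst; None means the packet is not encapsulated."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in selectors:
        if s in local and d in remote:
            return str(local), str(remote)
    return None

def overreach(wide, narrow, flows):
    """Flows the wide selector list would tunnel but the narrow one would not."""
    return [f for f in flows if match(wide, *f) and not match(narrow, *f)]

# The subnet pair quoted in the thread.
THREAD = [selector("192.168.0.0/24", "10.40.1.0/24")]
# Hypothetical granular list: the thread's pair plus a constructed second pair.
GRANULAR = THREAD + [selector("192.168.1.0/24", "10.40.2.0/24")]
# The 0.0.0.0 workaround, written here with an explicit /0 (assumption).
WILDCARD = [selector("0.0.0.0/0", "0.0.0.0/0")]

# Constructed sample flows as (source, destination).
FLOWS = [
    ("192.168.0.10", "10.40.1.5"),     # matches the thread's pair
    ("192.168.1.10", "10.40.2.5"),     # matches only the constructed pair
    ("192.168.1.10", "10.40.1.5"),     # crosses the two pairs
    ("192.168.0.10", "198.51.100.7"),  # not destined for the remote site
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "thread:", match(THREAD, *flow),
              "wildcard:", match(WILDCARD, *flow))
    print("extra traffic pulled into the tunnel by 0.0.0.0:",
          overreach(WILDCARD, GRANULAR, FLOWS))
```

The last line of output lists the flows that only the wildcard selector encapsulates, which is the granularity given up by using 0.0.0.0 on both sides.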