You can define multiple tunnels under the same peer to accomplish that.
stig

_____

From: Philippe Marcais [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 21, 2007 6:37 PM
To: Stig Thormodsrud
Cc: [EMAIL PROTECTED]
Subject: Re: [Vyatta-users] IPsec configuration

Then, it seems to me that the CLI should accept more than one line of "local-subnet" to improve granularity on this "acl". I guess I can use 0.0.0.0 for now.

Thanks Stig.

On 11/21/07, Stig Thormodsrud <[EMAIL PROTECTED]> wrote:

Think of it as an access-list where a packet's source/destination addresses are compared to see if it should be encapsulated into the tunnel. Those subnet commands do accept 0.0.0.0 such that anything matches.

stig

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Philippe Marcais
Sent: Wednesday, November 21, 2007 5:58 PM
To: [EMAIL PROTECTED]
Subject: [Vyatta-users] IPsec configuration

What is the purpose of the following configuration line:

    tunnel 1 {
        local-subnet: 192.168.0.0/24
        remote-subnet: 10.40.1.0/24

Why does the tunnel have to be linked to a local subnet? In fact, I may have multiple local subnets from multiple interfaces or sub-interfaces using this IPsec tunnel.

Same question regarding the remote subnet. I do have multiple remote subnets that I'd like to reach on the remote side.

Thanks,
Philippe
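The access-list behaviour described in the thread, modelled as an added example (not part of the original messages and not Vyatta's code): each tunnel is a local/remote pair, and a packet is encapsulated only when its source falls in local-subnet and its destination in remote-subnet of the same tunnel. Tunnel 2, tunnel 9 and the test addresses are constructed, and 0.0.0.0/0 is assumed here as the prefix form of the match-anything 0.0.0.0 mentioned above.

```python
import ipaddress
import re

# Constructed sample: two tunnels under one peer, in the thread's syntax.
# Tunnel 1 is from the thread; tunnel 2's subnets are made up.
SAMPLE = """
tunnel 1 {
    local-subnet: 192.168.0.0/24
    remote-subnet: 10.40.1.0/24
}
tunnel 2 {
    local-subnet: 192.168.1.0/24
    remote-subnet: 10.40.2.0/24
}
"""

# Constructed wide-open selector: both sides match any address.
WIDE = "tunnel 9 { local-subnet: 0.0.0.0/0 remote-subnet: 0.0.0.0/0 }"

TUNNEL_RE = re.compile(
    r"tunnel\s+(\d+)\s*\{\s*"
    r"local-subnet:\s*(\S+)\s*"
    r"remote-subnet:\s*(\S+)\s*\}"
)


def parse_tunnels(text):
    """Return {tunnel_id: (local_net, remote_net)} for each tunnel block."""
    tunnels = {}
    for tid, local, remote in TUNNEL_RE.findall(text):
        tunnels[int(tid)] = (ipaddress.ip_network(local),
                             ipaddress.ip_network(remote))
    return tunnels


def matching_tunnels(tunnels, src, dst):
    """Ids of tunnels whose selectors cover the packet; [] = not encapsulated."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [tid for tid, (local, remote) in sorted(tunnels.items())
            if s in local and d in remote]


if __name__ == "__main__":
    pairs = parse_tunnels(SAMPLE)
    print(matching_tunnels(pairs, "192.168.0.10", "10.40.1.5"))  # tunnel 1
    print(matching_tunnels(pairs, "192.168.0.10", "10.40.2.5"))  # cross pair
    print(matching_tunnels(parse_tunnels(WIDE), "203.0.113.7", "198.51.100.9"))
```

Note the cross-pair case: tunnels are pairs, not a cross-product, so traffic from tunnel 1's local subnet to tunnel 2's remote subnet matches nothing and is not encapsulated, while the wide-open selector captures every packet.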