I agree, but with our solution, IP addressing is coming from WSP dynamically. so the use of aggressive mode is needed.
-Carlos -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ken Felix Sent: Tuesday, February 05, 2008 11:39 AM To: vyatta-users@mailman.vyatta.com Subject: [Vyatta-users] IPSec Termination I have to check, but I think in my previous experience with strongswan and linux, the auto=ignore is what I've used in the past to make the ipsec client sit as receiver. Aggressive mode iirc is not what it seems like, but a way that the P1 is established and how many steps are taken in doing so. Main mode is ALWAYS better than Aggressive mode when it comes to ipsec setup. I think it's like 6 steps vrs 4 with aggressive. _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users