Hi,
Please reply. I am stuck.
Thanks
Anshul Makkar
On Jan 9, 9:15 am, anshul makkar <anshulmak...@gmail.com> wrote:
> Hi,
>
> I established two IPSEC tunnels terminating at one hub.
> Configuration :
> 1st tunnel : right subnet as 192.168.4.0/24
> 2nd tunnel: right subnet as 192.168.0.0/16
>
> Both the tunnels have same gateway as 172.16.28.108
>
> I am using freeswan code.
>
> Now what I am observing is that, if I disable the 192.168.4.0/24
> tunnel, and send ping request to 192.168.4.1, the ICMP IPSEC SA is
> negotiated for 2nd tunnel (supernet one which is already correctly
> established.). Why this is happening.
>
> Further, on continuous pinging (to machine on network 192.168.4.0/24),
> a new IPSEC SA (for tunnel 192.168.0.0/26) is negotiated on every
> request.
>
> On debugging I found that when I disable a perticular tunnel, the path
> corresponding to it is marked as trapped. Now klips capture the
> outbound packets on the trapped path and tries to send it through
> another closest matched active path. Thus in this scenrio, klips is
> capturing the outbound packets destined for 192.168.4.0/24 subnet and
> is trying to transfer it through 192.168.0.0/16. Is my inference
> correct.
>
> If this is the default behavior, then why IPSEC SA is being
> renegotiated for every outbound ICMP packet. (IPSEC SA should be
> established once and then used for every evey ping request)
>
> Please if you have any hint or refernce then please do share it .
>
> Thanking You
> Anshul Makkar
Similar Threads
Linear Mode
