Hi,
while trying to connect two beta6 systems, we have troubles in setting up the required policies.
Every time we enter our ipsec policy (using tunnel mode) and pressing "assign" we automatically get 'two' policies generated where one is printed in red color (marked as 'invalid') and the other showing "no tunnel" and 0.0.0.0.
(BTW new NAT trversal feature in Peer setup is off)
Basic ipsec setup is taken from a 2.9.40 system and is working there.
So, what has changed in beta6 that policy cannot be used as before?
Thanks for any help.
Achim
No, still does not work. I have this command (actual sa-src and sa-dst addresses clobbered for privacy)
And this results into this policy
I really don't understand what causes this.
Any comments or help would be fine. I assume this is a beta issue? Beause same configuration works on 2.9.40.
Thanks for help.
Achim
Code: Select all
[admin@vpn2-de] /ip ipsec policy> add src-address=172.17.0.0/16:any dst-address=172.16.0.0/16:any p
rotocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d
sa-dst-address=e.f.g.h proposal=myProposal manual-sa=noneCode: Select all
[admin@vpn2-de] /ip ipsec policy> print
Flags: X - disabled, D - dynamic, I - inactive
0 I src-address=172.17.0.0/16:any dst-address=172.16.0.0/16:any protocol=all action=encrypt
level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d
sa-dst-address=e.f.g.h proposal=myProposal manual-sa=none priority=0
1 D src-address=172.16.0.0/32:any dst-address=172.17.0.0/32:any protocol=all action=encrypt
level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d sa-dst-address=e.f.g.h proposal=default priority=0
Any comments or help would be fine. I assume this is a beta issue? Beause same configuration works on 2.9.40.
Thanks for help.
Achim