ipsec

IPSec Fallback mechanism subnet/supernet

SpeedGuide.net Broadband Community, Usenet Newsgroups, comp.dcom.vpn

#1 anshul makkar (Guest), 01-08-08, 10:17 PM
IPSec Fallback mechanism subnet/supernet

Hi,

I established two IPSEC tunnels terminating at one hub.
Configuration:
1st tunnel: right subnet as 192.168.4.0/24
2nd tunnel: right subnet as 192.168.0.0/16

Both tunnels have the same gateway, 172.16.28.108.

I am using freeswan code.

Now what I am observing is that, if I disable the 192.168.4.0/24 tunnel and send a ping request to 192.168.4.1, the ICMP IPSEC SA is negotiated for the 2nd tunnel (the supernet one, which is already correctly established). Why is this happening?

Further, on continuous pinging (to a machine on network 192.168.4.0/24), a new IPSEC SA (for tunnel 192.168.0.0/26) is negotiated on every request.

On debugging I found that when I disable a particular tunnel, the path corresponding to it is marked as trapped. Now klips captures the outbound packets on the trapped path and tries to send them through another closest matched active path. Thus in this scenario, klips is capturing the outbound packets destined for the 192.168.4.0/24 subnet and is trying to transfer them through 192.168.0.0/16. Is my inference correct?

If this is the default behavior, then why is the IPSEC SA being renegotiated for every outbound ICMP packet? (The IPSEC SA should be established once and then used for every ping request.)

If you have any hint or reference, please do share it.

Thanking You
Anshul Makkar

#2 anshul makkar (Guest), 01-14-08, 11:44 AM
Re: IPSec Fallback mechanism subnet/supernet

Hi,

Please reply.
Thanks

On Jan 9, 9:17 am, anshul makkar wrote:
> Hi,
>
> I established two IPSEC tunnels terminating at one hub.
> Configuration :
> 1st tunnel : right subnet as 192.168.4.0/24
> 2nd tunnel: right subnet as 192.168.0.0/16
>
> Both the tunnels have same gateway as 172.16.28.108
>
> I am using freeswan code.
>
> Now what I am observing is that, if I disable the 192.168.4.0/24
> tunnel, and send ping request to 192.168.4.1, the ICMP IPSEC SA is
> negotiated for 2nd tunnel (supernet one which is already correctly
> established.). Why this is happening.
>
> Further, on continuous pinging (to machine on network 192.168.4.0/24),
> a new IPSEC SA (for tunnel 192.168.0.0/26) is negotiated on every
> request.
>
> On debugging I found that when I disable a particular tunnel, the path
> corresponding to it is marked as trapped. Now klips capture the
> outbound packets on the trapped path and tries to send it through
> another closest matched active path. Thus in this scenario, klips is
> capturing the outbound packets destined for 192.168.4.0/24 subnet and
> is trying to transfer it through 192.168.0.0/16. Is my inference
> correct.
>
> If this is the default behavior, then why IPSEC SA is being
> renegotiated for every outbound ICMP packet. (IPSEC SA should be
> established once and then used for every ping request)
>
> Please if you have any hint or reference then please do share it .
>
> Thanking You
> Anshul Makkar

#3 . (Guest), 02-22-08, 02:58 AM
Re: IPSec Fallback mechanism subnet/supernet

On 14 Jan, 17:44, anshul makkar wrote:
> Hi,
>
> Please reply.
> Thanks
>
> On Jan 9, 9:17 am, anshul makkar wrote:
>
> > Hi,
> >
> > I established two IPSEC tunnels terminating at one hub.
> > Configuration :
> > 1st tunnel : right subnet as 192.168.4.0/24
> > 2nd tunnel: right subnet as 192.168.0.0/16
> >
> > Both the tunnels have same gateway as 172.16.28.108
> >
> > I am using freeswan code.
> >
> > Now what I am observing is that, if I disable the 192.168.4.0/24
> > tunnel, and send ping request to 192.168.4.1, the ICMP IPSEC SA is
> > negotiated for 2nd tunnel (supernet one which is already correctly
> > established.). Why this is happening.
> >
> > Further, on continuous pinging (to machine on network 192.168.4.0/24),
> > a new IPSEC SA (for tunnel 192.168.0.0/26) is negotiated on every
> > request.
> >
> > On debugging I found that when I disable a particular tunnel, the path
> > corresponding to it is marked as trapped. Now klips capture the
> > outbound packets on the trapped path and tries to send it through
> > another closest matched active path. Thus in this scenario, klips is
> > capturing the outbound packets destined for 192.168.4.0/24 subnet and
> > is trying to transfer it through 192.168.0.0/16. Is my inference
> > correct.
> >
> > If this is the default behavior, then why IPSEC SA is being
> > renegotiated for every outbound ICMP packet. (IPSEC SA should be
> > established once and then used for every ping request)
> >
> > Please if you have any hint or reference then please do share it .
> >
> > Thanking You
> > Anshul Makkar

Hi

IPSec tuto: http://secure-vpn.com/PPTP-L2TP.rar
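Added example, not part of the thread and not FreeS/WAN code: a simplified longest-prefix-match model of tunnel selection, showing how traffic to 192.168.4.1 remains covered by the 192.168.0.0/16 tunnel once the /24 tunnel is disabled, plus a check that lists such subnet/supernet pairs in a tunnel table. The tunnel names and function names are hypothetical, and the model does not cover KLIPS trap handling or SA negotiation.

```python
import ipaddress

# Constructed tunnel table mirroring the thread: (name, gateway, remote subnet).
# The names "tunnel1"/"tunnel2" are hypothetical labels, not from the post.
TUNNELS = [
    ("tunnel1", "172.16.28.108", "192.168.4.0/24"),
    ("tunnel2", "172.16.28.108", "192.168.0.0/16"),
]

def select_tunnel(dst, tunnels, disabled=()):
    """Return the active tunnel whose subnet is the longest match for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for name, _gateway, subnet in tunnels:
        if name in disabled:
            continue  # a disabled tunnel takes no part in the lookup in this model
        net = ipaddress.ip_network(subnet)
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else None

def find_fallbacks(tunnels):
    """List (specific, covering) tunnel pairs where one subnet lies inside another."""
    pairs = []
    for n1, _g1, s1 in tunnels:
        for n2, _g2, s2 in tunnels:
            a, b = ipaddress.ip_network(s1), ipaddress.ip_network(s2)
            if n1 != n2 and a != b and a.subnet_of(b):
                pairs.append((n1, n2))
    return pairs

if __name__ == "__main__":
    print("both up      :", select_tunnel("192.168.4.1", TUNNELS))
    print("tunnel1 down :", select_tunnel("192.168.4.1", TUNNELS, disabled=("tunnel1",)))
    for specific, covering in find_fallbacks(TUNNELS):
        print(f"{specific} traffic falls back to {covering} when {specific} is down")
```

Running `find_fallbacks` over a gateway's tunnel list before disabling a tunnel shows which traffic will stay protected by a broader tunnel rather than being dropped or sent in the clear.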