Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rpsribeiro
Explorer
Jump to solution

VPN IPSEC SA Configuration

Hello,

 

i have a gateway with version R80.40, and i have a specific IPSEC tunnel where i am trying to configure a security association with a specific host on my side, so i've configured a user defined group in this tunnel with the specific host included and without the subnet on this group, however each time i try to start the traffic on my side it tries to use the subnet to establish the SA, how can i force to use only the host on SA?

 

As a note, the specific subnet is known in my gateway through another IPSEC VPN.

0 Kudos
1 Solution

Accepted Solutions
RS_Daniel
Advisor

Hello,

If only this host is supposed to go trough the tunnel, i would set VPN sharing to "One VPN tunnel per each pair of hosts".

When you say "i've configured a user defined group in this tunnel" do you mean using Encryption Domain per Community?

if that is the case, you can try sk108600 scenario 1 and define the specific hosts for this vpn peer. HTH.

Regards

View solution in original post

2 Replies
RS_Daniel
Advisor

Hello,

If only this host is supposed to go trough the tunnel, i would set VPN sharing to "One VPN tunnel per each pair of hosts".

When you say "i've configured a user defined group in this tunnel" do you mean using Encryption Domain per Community?

if that is the case, you can try sk108600 scenario 1 and define the specific hosts for this vpn peer. HTH.

Regards

rpsribeiro
Explorer

Thanks, i've used the information from sk108600 and the Encryption Domain was negotiated correctly since them.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events