Solved: Re: VPN IPSEC SA Configuration

rpsribeiro · ‎2022-08-04

Hello,

i have a gateway with version R80.40, and i have a specific IPSEC tunnel where i am trying to configure a security association with a specific host on my side, so i've configured a user defined group in this tunnel with the specific host included and without the subnet on this group, however each time i try to start the traffic on my side it tries to use the subnet to establish the SA, how can i force to use only the host on SA?

As a note, the specific subnet is known in my gateway through another IPSEC VPN.

RS_Daniel · ‎2022-08-04

Hello,

If only this host is supposed to go trough the tunnel, i would set VPN sharing to "One VPN tunnel per each pair of hosts".

When you say "i've configured a user defined group in this tunnel" do you mean using Encryption Domain per Community?

if that is the case, you can try sk108600 scenario 1 and define the specific hosts for this vpn peer. HTH.

Regards

View solution in original post

RS_Daniel · ‎2022-08-04

Hello,

If only this host is supposed to go trough the tunnel, i would set VPN sharing to "One VPN tunnel per each pair of hosts".

When you say "i've configured a user defined group in this tunnel" do you mean using Encryption Domain per Community?

if that is the case, you can try sk108600 scenario 1 and define the specific hosts for this vpn peer. HTH.

Regards

rpsribeiro · ‎2022-08-04

Thanks, i've used the information from sk108600 and the Encryption Domain was negotiated correctly since them.

Are you a member of CheckMates?

VPN IPSEC SA Configuration