On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
> Hi,
Hi.
> If one has multiple entries in the SPD some representing more specific
> network addresses not to be encrypted and sent over an
> ipsec tunnel vs more general networks that would be encrypted would this
> work?
>
> In other words say I have a x.x.0.0/16 that should encrypted but in that
> x.x.0.0/16 I don't want x.x.84.0/23
> to be encrypted could I do that? If so is dependent on the order the SPD
> entries are made?
Yes, SPD entries are ordered.
Just set up first specific SPD entries for traffic which must not be
encrypted, then the tunnel/transport entries for networks.
Yvan.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 3 篇):