Chapter 6
Advanced Features
6.8 One Peer - Multiple Connections
Multiple tunnels: In order to set up a Phase 2 tunnel, a Phase 1 IKE tunnel is required first. The signalling messages that negotiate the Phase 2 tunnel are transferred via this Phase 1 tunnel.
[Figure: a single Phase 1 (IKE) tunnel (IKE1) between SpeedTouch620 [1] and SpeedTouch620 [2], carrying two Phase 2 tunnels (conn1 and conn2)]
The SpeedTouch™ allows setting up several Phase 2 tunnels that all use a common Phase 1 tunnel. The configuration example below shows a single peer with several connections attached to it. Traffic originating from network 10.0.0.0/8 is sent through one of the Phase 2 tunnels, depending on the destination IP address. If no IPSec policy matches, the packet is sent unencrypted: traffic to a destination that is not covered by any connection's remote network leaves in clear text rather than being dropped, so the remote networks must cover every destination that has to be protected.
[ipsec connection]=>network
[ipsec connection network]=>list
[n1] : range
[n2] : address 10.50.2.22
[n3] : subnet 10.50.2.128/25
[ipsec connection network]=>..
[ipsec connection]=>list
[connect1]
  Peer           : rempeer2
  Local network  : n1
  Remote network : n2
  Always on      : disabled
  Descriptors    :
  Options        : <unset>
  State          : enabled
[connect2]
  Peer           : rempeer2
  Local network  : n1
  Remote network : n3
  Always on      : disabled
  Descriptors    :
  Options        : <unset>
  State          : enabled
[ipsec connection]=>
The IPSec descriptors of the two Phase 2 configurations may be different.
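The following is an added example (not SpeedTouch code and not the manual's own CLI) that models the policy selection described above: a packet is assigned to the first enabled connection whose local network contains the source and whose remote network contains the destination (the first-match rule is an assumption), and a packet that matches nothing is reported as clear text, which is what the page says the SpeedTouch does. The exact range behind n1 is not shown in the listing and is assumed here to be 10.0.0.0 to 10.255.255.255 from the text's mention of 10.0.0.0/8. The uncovered_destinations helper shows why the fallback matters: with n2 and n3 as listed, most of 10.50.2.0/24 would be sent unencrypted.

```python
"""Policy selection for the 'one peer, multiple connections' setup.

Added example, not SpeedTouch firmware code. Network objects mirror the
CLI listing (range / address / subnet); the n1 range is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Network:
    """A SpeedTouch 'network' object as shown by '[ipsec connection network]=>list'."""
    name: str
    kind: str   # "range", "address" or "subnet"
    spec: str

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        if self.kind == "address":
            return addr == ipaddress.ip_address(self.spec)
        if self.kind == "subnet":
            return addr in ipaddress.ip_network(self.spec, strict=False)
        if self.kind == "range":
            # Assumed range syntax "first-last" (inclusive); not shown on the page.
            lo, hi = (ipaddress.ip_address(p.strip()) for p in self.spec.split("-"))
            return lo <= addr <= hi
        raise ValueError(f"unknown network kind {self.kind!r}")


@dataclass(frozen=True)
class Connection:
    """One Phase 2 connection, as shown by '[ipsec connection]=>list'."""
    name: str
    peer: str
    local: Network
    remote: Network
    enabled: bool = True


# Objects from the CLI listing; the n1 range value is an assumption.
N1 = Network("n1", "range", "10.0.0.0-10.255.255.255")
N2 = Network("n2", "address", "10.50.2.22")
N3 = Network("n3", "subnet", "10.50.2.128/25")
CONNECTIONS = [
    Connection("connect1", "rempeer2", N1, N2),
    Connection("connect2", "rempeer2", N1, N3),
]


def select_connection(conns, src: str, dst: str) -> Optional[Connection]:
    """Return the Phase 2 connection that would carry src->dst, or None.

    None means no IPSec policy matched; per the manual the packet is then
    sent unencrypted rather than dropped.
    """
    for c in conns:
        if c.enabled and c.local.contains(src) and c.remote.contains(dst):
            return c
    return None


def uncovered_destinations(conns, prefix: str, src: str = "10.0.0.1"):
    """Audit helper: addresses in `prefix` that no connection would protect.

    Every address returned is reachable from the local range but would
    leave the router in clear text under the fallback described above.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    return [str(a) for a in net if select_connection(conns, src, str(a)) is None]


if __name__ == "__main__":
    for dst in ("10.50.2.22", "10.50.2.200", "10.50.2.5"):
        chosen = select_connection(CONNECTIONS, "10.1.2.3", dst)
        print(dst, "->", chosen.name if chosen else "CLEAR TEXT (no policy match)")
    gaps = uncovered_destinations(CONNECTIONS, "10.50.2.0/24")
    print(f"{len(gaps)} addresses in 10.50.2.0/24 would be sent unencrypted")
```

Running the audit against the listed objects shows 10.50.2.22 going through connect1, 10.50.2.200 through connect2, and 10.50.2.5 matching nothing, so it would leave in clear text; 127 of the 256 addresses in 10.50.2.0/24 are in that situation. Adding a connection whose remote network is the whole 10.50.2.0/24, or a catch-all policy, is the usual fix when clear-text fallback is not acceptable.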