One Peer - Multiple Connections - THOMSON SpeedTouch 608WL Configuration Manual

Wireless Business DSL Router IPSec Configuration Guide

Chapter 6
Advanced Features
Multiple tunnels

6.8 One Peer - Multiple Connections

To set up a Phase 2 tunnel, a Phase 1 IKE tunnel is required first. The
signalling messages that negotiate the Phase 2 tunnel are transferred via this
Phase 1 tunnel.
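[Figure: SpeedTouch620 [1] and SpeedTouch620 [2], with Phase 1 (IKE) tunnel (IKE1) and Phase 2 tunnels (conn1) and (conn2)]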
The SpeedTouch™ allows setting up several Phase 2 tunnels, all using a common
Phase 1 tunnel. The configuration example below shows a single peer with
several connections attached to it. Traffic originating from network 10.0.0.0/8 will
be sent in one of the Phase 2 tunnels, depending on the destination IP address. If no
IPSec policy match is found, the packet is sent unencrypted.
[ipsec connection]=>network
[ipsec connection network]=>list
[n1] : range 10.60.11.[20-30]
[n2] : address 10.50.2.22
[n3] : subnet 10.50.2.128/25
[ipsec connection network]=>..
[ipsec connection]=>list
[connect1]
    Peer           : rempeer2
    Local network  : n1
    Remote network : n2
    Always on      : disabled
    Descriptors    : AES_HMAC-MD5_TUNNEL
    Options        : <unset>
    State          : enabled
[connect2]
    Peer           : rempeer2
    Local network  : n1
    Remote network : n3
    Always on      : disabled
    Descriptors    : NullEnc_HMAC-SHA1_TUNNEL
    Options        : <unset>
    State          : enabled
[ipsec connection]=>

The IPSec descriptors of the two Phase 2 configurations may be different.
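
The selector matching described in this section, modelled in Python as an added example (it is not part of the manual and not SpeedTouch code): it transcribes n1, n2, n3 and the two connections from the listing and reports whether a flow leaves in connect1, in connect2, or unencrypted. The flow list is constructed, and treating a NullEnc_* descriptor as integrity-only and matching connections in listed order are assumptions.

```python
import ipaddress

# Network objects transcribed from the listing in this section.
NETWORKS = {
    "n1": ("range", "10.60.11.20", "10.60.11.30"),
    "n2": ("address", "10.50.2.22"),
    "n3": ("subnet", "10.50.2.128/25"),
}
# (name, local network, remote network, descriptor), also from the listing.
CONNECTIONS = [
    ("connect1", "n1", "n2", "AES_HMAC-MD5_TUNNEL"),
    ("connect2", "n1", "n3", "NullEnc_HMAC-SHA1_TUNNEL"),
]

def in_network(ip, name):
    """True if ip falls inside the named network object."""
    kind, *args = NETWORKS[name]
    addr = ipaddress.ip_address(ip)
    if kind == "range":
        low, high = (ipaddress.ip_address(a) for a in args)
        return low <= addr <= high
    if kind == "address":
        return addr == ipaddress.ip_address(args[0])
    return addr in ipaddress.ip_network(args[0])

def classify(src, dst):
    """Return (connection, protection) for one packet.
    Assumption: connections are tried in listed order; the selectors here
    do not overlap, so the order does not change the result."""
    for name, local, remote, descriptor in CONNECTIONS:
        if in_network(src, local) and in_network(dst, remote):
            # Assumption from the descriptor name: NullEnc_* means the
            # payload is authenticated but not encrypted.
            null_enc = descriptor.startswith("NullEnc")
            return name, "integrity-only" if null_enc else "encrypted"
    return None, "cleartext"  # no policy match: sent unencrypted, per the text

# Constructed sample flows (source, destination).
FLOWS = [
    ("10.60.11.25", "10.50.2.22"),   # n1 -> n2
    ("10.60.11.25", "10.50.2.200"),  # n1 -> n3
    ("10.60.11.25", "10.50.2.23"),   # next to n2, below the n3 subnet
    ("10.60.11.31", "10.50.2.22"),   # source just outside the n1 range
]

def audit(flows):
    """List (src, dst, connection, protection) for each flow."""
    return [(s, d, *classify(s, d)) for s, d in flows]

if __name__ == "__main__":
    for row in audit(FLOWS):
        print("%-12s -> %-12s %-9s %s" % row)
```

The last two flows show how narrow the selectors are: a destination one address away from n2, or a source one address past n1, matches no connection and falls through to cleartext.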
E-DOC-CTC-20051017-0169 v0.1

This manual is also suitable for:

Speedtouch 620