> What do you mean by "what ping/traceroute keys"?
As I can see your SPD says that packets ONLY from 172.16.250.0/24 TO
172.16.69.0/24 should be tunneled and vice versa.
But the command 'ping 172.16.250.1' equals to 'ping -S 24.181.119.107
172.16.250.1' and your polices do not permit such packets from 24.181.119.107 to
172.16.250.1 to be tunneled. So you should use command 'ping -S 172.16.69.1
172.16.250.1'.
Keep in mind that IPSec just simply DROPS packets which are not permited by the
policies or by the SAD. So you can see in tcpdump that something goes over the
tunnel, but it can be only dropped packets.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
