"David DeSimone" <f...@verio.net> wrote: > Maciej Suszko <mac...@suszko.eu> wrote: > > > > > So as you write they should set: ?? > > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90 > > > (other side) > > > > Yes, indeed. > > > > > And additionaly I thing I should correct set spd policy to: > > > > > > spdadd 10.20.0.1 10.10.1.90 any -P out ipsec > > > esp/tunnel/78.x.x.x-95.x.x.x/require; > > > spdadd 10.10.1.90 10.20.0.1 any -P in ipsec > > > esp/tunnel/95.x.x.x-78.x.x.x/require; > > > > > > Am I wrong? > > > > No, you're right :) > > > > You can set up the tunnel first - check whether both 10. are > > accessible from both sides, then you "cover" communication between > > them with IPSEC. > > Will this sort of GIF tunnel interoperate with Cisco and/or Checkpoint > VPN equipment? In our tests we were able to use pure IPSEC tunnel > encapsulation to interoperate with these sorts of devices, so we never > found a need for GIF encapsulation.
I'm not sure what's on the other side, AFAIK some hardware solution. -- regards, Maciej Suszko.