OK, I misinterpreted the man page, this is what I needed instead...

ike esp from a.a.a.0/24 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218
ike esp from x.x.x.142 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218
ike esp from x.x.x.142 to y.y.y.218

On 5/11/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> When using ipsec.conf to set up the VPN on redundant firewalls with carp
> on the outside interface, I noticed that the session is using the IP of the
> physical interface and not the IP of the carp interface which the remote end
> is listening for. When looking in the man pages there are options for local
> <localip> remote <peerip> but setting this up seems to give me a syntax
> error. I had this working a few days ago and now I can't seem to figure out
> what I'm doing wrong.
>
> local x.x.x.142 remote y.y.y.218
> ike esp from a.a.a.0/24 to b.b.b.0/21 peer y.y.y.218
> ike esp from x.x.x.142 to b.b.b.0/21 peer y.y.y.218
> ike esp from x.x.x.142 to y.y.y.218
>
>
> ike esp from b.b.b.0/21 to a.a.a.0/24 peer x.x.x.142
> ike esp from y.y.y.218 to a.a.a.0/24 peer x.x.x.142
> ike esp from y.y.y.218 to x.x.x.142
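
An added example, not part of either message: a small lint for the two configurations in this thread. It flags lines that are not ike rules (such as the stand-alone "local ... remote ..." line) and rules that name a peer without pinning the local address. The function name, messages and the simplified rule pattern are assumptions made for illustration and cover only the rule shape shown above, not the full ipsec.conf grammar.

```python
import re

# Constructed inputs: the two configurations posted in this thread.
BROKEN = """\
local x.x.x.142 remote y.y.y.218
ike esp from a.a.a.0/24 to b.b.b.0/21 peer y.y.y.218
ike esp from x.x.x.142 to b.b.b.0/21 peer y.y.y.218
ike esp from x.x.x.142 to y.y.y.218
"""
FIXED = """\
ike esp from a.a.a.0/24 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218
ike esp from x.x.x.142 to b.b.b.0/21 local x.x.x.142 peer y.y.y.218
ike esp from x.x.x.142 to y.y.y.218
"""

# Simplified assumption: only the rule shape used in this thread is recognised,
# with "local" and "peer" as optional parts of the ike rule itself.
RULE = re.compile(
    r"^ike\s+esp\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+local\s+(?P<local>\S+))?(?:\s+peer\s+(?P<peer>\S+))?$"
)

def lint(conf, carp_ip):
    """Return (line number, message) findings for the ike rules in conf."""
    findings = []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            # e.g. a stand-alone "local ... remote ..." line
            findings.append((n, "not a recognised ike rule"))
        elif m["peer"] and m["local"] is None:
            # the situation in the question: the source IP is left unpinned
            findings.append((n, "peer given without local"))
        elif m["local"] and m["local"] != carp_ip:
            findings.append((n, "local is not the CARP address"))
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(conf, "x.x.x.142"))
```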