Re: Filtering on the IPsec Tunnel

2002-01-15 Thread Barry Irwin
Hi All, I came across this problem a few months ago, and its impact is actually greater than expected. I have attached a patch below which I have been running on our production firewalls for 3 months now with no issues to speak of. The patch includes a sysctl to turn off the reinjection action. T

Filtering on the IPsec Tunnel

2002-01-15 Thread Kshitij Gunjikar
Hi All, What I think is that we shouldn't send all packets to IPSec. This reduces the performance of the box as IPSec algorithms are really compute intensive. Only configured tunnels to a few locations can be IPSeced. This ensures that the normal traffic which is mostly TCP traffic can be as f