>Even if the policy is specified as "required", it looks (at least, to
>me) that SA (destination address, Security Protocol(AH/ESP), and SPI)
>is properly established. I don't see anything that can prevent it from
>working if the policy is specified as 'require'.
>
>Will anybody here help me unde
Hi,
I have a question regarding IPsec tunnel mode AH processing.
ipsec(4) says:
AH tunnel may not work as you might expect. If you configure ``require''
policy against AH tunnel for inbound, tunneled packets will be rejected.
This is because AH authenticates encapsulating (out
