In FortiOS we build multiple phase2 entries that reference the phase1 interface, and strongSwan takes a very similar approach.
# sample 2x phase2 connection srx1
conn srx1
    leftsubnet=10.198.198.0/24
    rightsubnet=192.168.1.0/24
    also=srx
    auto=route
# sample 2x phase2 connection srx2
conn srx2
    leftsubnet=10.197.197.0/24
    rightsubnet=192.168.1.0/24
    also=srx
    auto=route
The connection "srx" is the parent of the two child connections, srx1 and srx2.
Here's a full config; take heed of the parent conn srx and the two associated children, srx1 and srx2.
Also, ipsec status will now show the two child connections, srx1 and srx2, when executed.
That's how easy it is to associate multiple local/remote subnets in strongSwan.
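The parent/child layout described above, written out as an added example (not the author's original configuration). The subnets are the ones from the post; the gateway addresses, keyexchange and authby values are placeholders assumed for illustration.

```conf
# Constructed example: everything in "conn srx" is an assumption,
# only the child subnets come from the post.

# Parent ("phase1") section. It has no auto= line, so it keeps the
# default auto=ignore and is never loaded as a tunnel by itself;
# it only supplies shared settings to sections that say also=srx.
conn srx
    # assumption: IKEv1 with a pre-shared key from ipsec.secrets
    keyexchange=ikev1
    authby=secret
    # placeholder local and remote gateway addresses
    left=192.0.2.1
    right=198.51.100.1
    type=tunnel

# Child ("phase2") sections: one per local/remote subnet pair.
conn srx1
    leftsubnet=10.198.198.0/24
    rightsubnet=192.168.1.0/24
    also=srx
    auto=route

conn srx2
    leftsubnet=10.197.197.0/24
    rightsubnet=192.168.1.0/24
    also=srx
    auto=route
```

Keeping auto= out of the parent matters: if srx itself were set to route or start, it would be loaded as a third connection with no subnets defined, covering only the two gateway addresses.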
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com