[strongSwan] multiple traffic selectors per child_sa
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Oct 3 13:32:52 CEST 2018
Hello,
A good way would be to ask the ops people on the other side. I myself assume that no CISCO IPsec implementation supports several subnets on a side in a CHILD_SA. Thus far it went fine.
Kind regards
Noel
Am 03.10.18 um 09:11 schrieb Volodymyr Litovka:
> Hi Marco,
>
> just FYI: if you've hit this problem with Cisco - then there is an issue with both ASA and IOS models: https://community.cisco.com/t5/cisco-bug-discussions/cscue42170-ikev2-support-multi-selector-under-the-same-child-sa/td-p/3203894
>
> On 5/11/18 1:10 PM, Marco Berizzi wrote:
>> Hello everyone,
>>
>> Kindly I would like to ask, if there is a way to
>> know if a remote IKEv2 peer supports multiple
>> traffic selectors per CHILD_SA.
>>
>> For example strongswan is going to log this kind
>> of message when tfc is not supported by the other
>> IKEv2 peer:
>>
>> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
>>
>> TIA
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181003/4f344f34/attachment.sig>
More information about the Users
mailing list