Virtual private networks / Reqid use in policy based IPSEC with trap policy
« on: February 07, 2024, 03:48:27 pm »
Hi everyone,
I'm a little confused on best practice for my scenario.
In a situation where you have two independent connections set up where you use the same phase 2 local/remote subnets which are configured Start action --> Trap+start, should you be using a unique reqid for each of the phase 2 children?
I only bring this up because I've noticed that installing a trap policy creates a routed connection on the system, and when configuring a route based VPN it is recommended to use a unique reqid per connection (although I understand there are differences here between a VTI setup and policy based so this may be irrelevant).
For what it's worth, I've tested this with both using the same reqid (default) and both with unique and haven't observed any differences in behavior with how the VPN acts.
Any guidance is appreciated!