IPSEC Spi and ReqId Questions

Started by Jürgen Garbe, February 16, 2023, 02:39:53 PM

February 16, 2023, 02:39:53 PM Last Edit: February 16, 2023, 02:41:42 PM by Jürgen Garbe
Hi,

I am preparing some Site 2 Site tunnels using IPSEC.
In this context, I have two questions:

1. Shall Phase 2 "Reqid" be unique?
In screenshots "tunnel 1" and "tunnel 2" you can see that both tunnels are using Reqid 7.

2. Why are there 2 different Phase 2 spi-in, spi-out pairs (screenshot Status overview) addressing single hosts, although, as you can see in screenshot "Tunnel 2 setting", the Remote network is a network and not a single host?
Traffic is sent over the second "pair", even traffic for 10.65.3.1 (but I am not able to test this connection, because this node does not exist yet)!

I would be grateful for comments on these observations.

Best regards

Jürgen