tech-security: Re: src-ip for tunnel exterior

Subject: Re: src-ip for tunnel exterior
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-security
Date: 01/24/2001 12:51:55

>  I can see that this won't work for Racoon/Racoon, but TimeStep Permit at
>the end does let me do this. Once I establish a tunnel for the inside
>addresses, they will route stuff to me.

	they basically hardcode "SAD inserted then install SPD" kind of rule
	into their IKE daemon.

itojun