Hello All.
I've installed an RB2011 with ROS 5.25 at the central office.
There are 4 VPN tunnels.
Sometimes the SAs have strange behavior - they do not disappear, and I can't explain why - see attachment.
As I understood it, there should be only one pair for each tunnel:
SRC<->DST /DST<->SRC
but sometimes I have 3 of them for each tunnel.
So, could one of you give me brief answers to the following questions?
1. Why do the SAs have this behavior? I tend to think that something is wrong with the config, but I have no clue what exactly.
2. If I have the same proposal settings for all tunnels, should I create 4 different proposals, or can I use only one?
3. Send Initial Contact
As I understood it, by using "Send Initial Contact" I can set which side will be the responder.
However, what if the "receiver" is rebooted? Does the responder initiate one more session?
Is it safe to tick "Send Initial Contact" on both sides?
4. Generate-policy
"Allow this peer to establish SA for non-existing policies. Such policies are created dynamically for the lifetime of SA. Automatic policies allows, for example, to create IPsec secured L2TP tunnels, or any other setup where remote peer's IP address is not known at the configuration time."
This description gives me nothing.
As I understood it, it is somehow related to the proposal. If the proposal on one side does not equal the one that the opposite side has, then:
If I do not tick the box, then the connection will be established
If I tick the box and the proposal does not match the opposite side, then the connection will be
Am I right?
Is it safe to tick "generate-policy" on both sides?
Thank you in advance.
Alex