Project

General

Profile

Actions

Feature #3328

closed

Allow reordering of IPsec Phase 1 and Phase 2 entries

Added by Jim Pingle over 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Category:
IPsec
Target version:
Start date:
11/19/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Currently the IPsec entries are stuck in the order they were created, which can be problematic if you need to ensure a specific order of potentially overlapping networks or exceptions.

If you have two tunnels, one for 10.0.0.0/8 and another for 10.10.10.0/24, if the second was created after the first, then it could never work. If it was created first, then it would be respected first -- however of course that subnet's traffic would never be reachable over the second tunnel, but there are still some valid use cases for this were customers have to connect to networks dictated by other vendors and partners.

Actions

Also available in: Atom PDF