Project

General

Profile

Actions
Copy link

Bug #5211

closed

Auto-added IPsec rules overmatch in some circumstances

Added by Chris Buechler over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Chris Buechler
Category:
IPsec
Target version:
2.2.5
Start date:
09/28/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

The auto-added IPsec rules over-match in some situations, primarily where using mobile IPsec. For instance if you have mobile IPsec enabled on a system that has IPsec endpoints behind it (usually an edge system that doesn't NAT), their ISAKMP and ESP traffic will hit the mobile route-to/reply-to pass rules and will leave the wrong WAN if mobile IPsec is enabled on a different interface.

Actions
Copy link
 #1

Updated by Chris Buechler over 6 years ago

  • Status changed from Confirmed to Feedback
Actions
Copy link
 #2

Updated by Chris Buechler over 6 years ago

  • Status changed from Feedback to Resolved

fixed

Actions
Copy link

Also available in: Atom PDF