Bug #5211

Auto-added IPsec rules overmatch in some circumstances

Added by Chris Buechler about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 09/28/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:
Description

The auto-added IPsec rules over-match in some situations, primarily when using mobile IPsec. For instance, if you have mobile IPsec enabled on a system that has IPsec endpoints behind it (usually an edge system that doesn't NAT), their ISAKMP and ESP traffic will hit the mobile route-to/reply-to pass rules and will leave the wrong WAN if mobile IPsec is enabled on a different interface.

Associated revisions

Revision 0e512ee3 (diff)
Added by Chris Buechler about 4 years ago

Use self rather than any in auto-added IPsec rules to prevent
over-matching. Ticket #5211

Revision be4e2cfe (diff)
Added by Chris Buechler about 4 years ago

Use self rather than any in auto-added IPsec rules to prevent
over-matching. Ticket #5211
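
The over-match from the description and the "self rather than any" change, sketched as a pf ruleset fragment. This is an added illustration, not the rules pfSense generates or the content of the revisions above; the interface names, gateway and host addresses are constructed placeholders, and it assumes mobile IPsec is bound to a second WAN while the default route uses the first.

```pf
# Constructed example: all names and addresses below are placeholders.
# em0 = WAN1 (default route), em1 = WAN2 (mobile IPsec is enabled here).
# 192.0.2.10 = routed (un-NATed) IPsec endpoint behind the firewall.
wan2_if = "em1"
wan2_gw = "203.0.113.1"

# --- Before: "any" as source/destination ---------------------------------
# ISAKMP and ESP that 192.0.2.10 sends through the firewall also match the
# outbound rules, so route-to forces that transit traffic out WAN2 even
# though the routing table would send it out WAN1.
pass out route-to ($wan2_if $wan2_gw) inet proto udp from any to any port 500 keep state
pass out route-to ($wan2_if $wan2_gw) inet proto esp from any to any keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto udp from any to any port 500 keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto esp from any to any keep state

# --- After: "self" instead of "any" --------------------------------------
# "self" expands to the firewall's own addresses, so only tunnels that
# terminate on the firewall match. Transit ISAKMP/ESP from 192.0.2.10 no
# longer matches and follows the normal routing table and user rules.
pass out route-to ($wan2_if $wan2_gw) inet proto udp from self to any port 500 keep state
pass out route-to ($wan2_if $wan2_gw) inet proto esp from self to any keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto udp from any to self port 500 keep state
pass in on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto esp from any to self keep state
```

On a running system, `pfctl -sr` lists the loaded rules, which is where a remaining `from any to any` on an IPsec route-to/reply-to rule would show up.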

History

#1 Updated by Chris Buechler about 4 years ago

  • Status changed from Confirmed to Feedback

#2 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved

fixed