Bug #5211

closed

Auto-added IPsec rules overmatch in some circumstances

Added by Chris Buechler almost 6 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 09/28/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:

Description

The auto-added IPsec rules over-match in some situations, primarily when using mobile IPsec. For instance, if you have mobile IPsec enabled on a system that has IPsec endpoints behind it (usually an edge system that doesn't NAT), their ISAKMP and ESP traffic will hit the mobile route-to/reply-to pass rules and will leave the wrong WAN if mobile IPsec is enabled on a different interface.

#1

Updated by Chris Buechler almost 6 years ago

  • Status changed from Confirmed to Feedback

#2

Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to Resolved

fixed
