Hi,

When an IPSec tunnel is established between two peers, I understand that the "normal" situation is to have at a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with 'setkey -D').

I've googled around and the "multiplicity of SAs" seems to be a pathological situation (as a matter of fact, connectivity through that tunnel usually fails). Although I'm not an expert in the internals of the IKE protocol, I've read that using 'initial_contact on' in the tunnel could help. However, using that parameter in racoon.conf and restarting hasn't solved the problem :(

I would like to remark that P1 is running 6 tunnels and this only happens in one of them (the other 5 seem to work fine with just a pair of SAs). Maybe some Cisco-Linux interoperability issue?

Any idea or suggestion about what can be happening? Please tell me if you need to know any extra information (logs, etc.). Any help is very welcome. Thanks in advance!

Best regards,

--------------------
Fermín Galán Márquez
CTTC - Centre Tecnològic de Telecomunicacions de Catalunya
Parc Mediterrani de la Tecnologia, Av. del Canal Olímpic s/n, 08860 Castelldefels, Spain
Room 1.02
Tel : +34 93 645 29 12
Fax : +34 93 645 29 01
Email address: fermin dot galan at cttc dot es

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc