Multiple IPSec sessions

Multiple IPSec sessions

[mukesh Kumar]

[-- Attachment #1: Type: text/plain, Size: 301 bytes --]

Hi All,

   I am trying to extend conntrack/NAT to allow multiple IPsec(ESP)
tunnels to pass through.

The purpose is to allow multiple lan clients to have sessions with the
same server.

    Can someone suggest some designs for doing something like this .Any
help is greatly appreciated.

 

Mukesh


[-- Attachment #2: Type: text/html, Size: 1811 bytes --]

Re: Multiple IPSec sessions

[Antony Stone]

On Wednesday 14 January 2004 12:19 am, mukesh Kumar wrote:

> Hi All,
>
>    I am trying to extend conntrack/NAT to allow multiple IPsec(ESP)
> tunnels to pass through.

I'm not sure I understand why you need to "extend" it.

> The purpose is to allow multiple lan clients to have sessions with the
> same server.

This is possible anyway.   Standard connection tracking distinguishes 
independent connections by source & destination IP address (and also source & 
destination port in the case of TCP / UDP), therefore so long as at least one 
of the addresses involved in each connection is unique you should have no 
problem supporting mutliple sessions.   You say you wish multiple clients to 
access one server - the clients will all have different IP addresses, 
therefore they will be treated as independent connections.

Regards,

Antony

-- 
Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

                                                     Please reply to the list;
                                                           please don't CC me.