tech-net: Re: Flexibility of IPSec IP range configuration

Subject: Re: Flexibility of IPSec IP range configuration
To: I-Wei Chen <gis90590@cis.nctu.edu.tw>
From: None <itojun@iijlab.net>
List: tech-net
Date: 12/25/2002 18:40:13

>  Recently, I use KAME/IPSec to establish tunnels with other commercial
>  products. I find most of them can support 'range ip address' which 
>  means they can specify ip range in the policy like this :
>  192.168.1.100 ~ 192.168.1.200 (i.e. 100, 101, 102..199, 200)
>  However, KAME/IPSec can only specify ip range in the form of IP/Prefix_Length, 
>  that can't match ip range 192.168.1.100 ~ 192.168.1.200 
>
>  So, tunnel can't be established because IKE checks whether these two tunnel endpoints have 
>  the same SA information.
>
>  Will new KAME/IPSec support more flexible IP range configuration ?

	even in the latest KAME tree there's no support for IP address range.
	we have no plans on this one.

itojun