Subject: Re: how do I do this with our ipsec...
To: Perry E. Metzger <perry@piermont.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 06/22/2002 17:18:02

On 22 Jun 2002, Perry E. Metzger wrote:

>
> So I want to do something that isn't that weird if you think about it,
> but which isn't that obvious to do. I have a wireless host, and I'd
> like to shove all cleartext traffic into an IPSEC tunnel to the NetBSD
> based gateway to the wired network, but not bother to double-encrypt
> stuff that is already in IPSec.
>
> I can't figure out for the life of me if it is possible to set this
> up, or how I'd try to do it. Yes, I've read our manual pages. They
> aren't very informative. Could someone with clue perhaps drop me a
> note?

Can we set IPsec policy based on IP protocol number? If so, could you set
a clear-text policy for ESP & AH, and then have a default policy to catch
everything else going through the gateway?

Take care,

Bill