[support] Nested ipsec
Arnaud Ebalard
arno at natisbad.org
Fri Sep 4 03:42:59 JST 2009
Hi,
"Ben McCarthy" <b.mccarthy at lancaster.ac.uk> writes:
> Has anyone tried running ipsec in a nested NEMO scenario before? We have a
> setup here where two MRs with working ipsec configurations can establish
> their MR-HA tunnels fine if they connect to an access network AP, but if one
> of those MRs roams behind the other and connects to its Ingress interface,
> its subsequent BU is not received by the HA. Analysing the interface on the
> HA, we can see that the BU arrives, has the ipsec tunnel header added by the
> intermediary MR removed, but then the ipsec transport mode encrypted BU is
> not then decrypted as it should be (and as it is if we connect directly via
> a normal access network connection) and therefore it isn't passed up to the
> HA.
>
> Has this been experienced by anyone before?
I did experienced that before with a MN roaming behind a MR but had no
time to debug it further. Sorry not to be more helpful on that one.
Cheers,
a+
More information about the Support
mailing list