I have one network interface with two IPs; the first
one is and the other is (eth1).
At the moment, I want to set up one IPsec tunnel with
the remote machine:

But when I use the local machine to trigger the IKE negotiation,
racoon uses and both as the source IP, such that
a tunnel is established between both the IP & and &

But I want a tunnel only between one IP & and I want IP ping from any machine (I want no tunnel created with the IP).

My setkey.conf file:
# Flush the SAD and SPD

# Create policies for racoon
spdadd any -P in ipsec

spdadd any -P out ipsec

My racoon.conf file:

path include "/etc/racoon";
#path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

exchange_mode main;
lifetime time 24hour;
certificate_type x509 "rncpet113_cert.pem" "rncpet113_key.pem";
verify_cert off;
my_identifier asn1dn;
peers_identifier asn1dn;
proposal {
    encryption_algorithm 3des;
    hash_algorithm md5;
    authentication_method rsasig;
    dh_group 2;
}

sainfo address any address any {
    pfs_group 2;
    lifetime time 24 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

Can anyone help me?