How to enable Tunnel Isolation Mode
-
Dear all:
can you enlight me how to enable Tunnel isolation mode lease. Thanks in advance -
What exactly do you mean by "Tunnel isolation mode"?
-
@jimp Hi: thanks for your answer, but still not sure if that's what I need.
My problem is I'm having some intermittence in IPsec, so I want to diagnose if it's a problem with the encryption domains. From what I researched could be traffic being dropped intermittently because of tunnel configuration for multiple domains, so I want to isolate the failure.
One way was as I found to make multiple IPsec with just one encryption domain each. So I found the tunnel isolation on Ipsec could be useful for that. -
Sounds like what you want is "Split connections" in the P1 options.
IKEv1 is always split -- each P2 gets its own separate configuration
IKEv2 can combine traffic selectors and does so by default, so all your P2 configurations get lumped into a single configuration entry. This is more efficient and flexible, since it only needs to maintain one child SA for all traffic, but some other devices/services don't like it for various reasons.If you are using IKEv2 and check "Split Connections" then it creates a separate configuration for each P2 so they will be independent.