how the FW decide which packet to encrypt ? by routing ? policy ? it's encrypt all packets that flow from the ipsec gateway interface ?
i didn't get it , cause in the configuration you can't bind the the IPSEC to any interface .
By the SPD.