Forum Discussion
kkohegyi_165129
Nimbostratus
Hi,
The “interface” mode IPSec is working between route-domains.
But only one traffic-selector can be associated with an IPSec channel, so it is unusable if you want to use more encrypted subnets.
zeiss_63263
Dec 24, 2017
Historic F5 Account
> But only one traffic-selector can be associated to IPsec channel

True.

> so it is unusable if you want to use more encrypted subnets.

Not quite true.
Interface mode has an additional hidden option whereby you can tell your BIG-IP to ignore the selector and obey the routing table. This means that you can bring up a tunnel using any old traffic-selector and then control the traffic that goes over the tunnel using dynamic or static routing.
For more information, please take a look at K31553030.