In this mode, routing table can be used to send the specific traffic into the IPsec connection. It attaches an Virtual Tunnel Interface(VTI) to a single connection which is dynamically added into interfaces.
We can perform below operations on this interface:
1. Set Interface IP Address
2. Use in Static Unicast Routes
3. Use in Policy Based Routing
To proceed with this configuration, follow steps as below:
a) Navigate to VPN & CERTIFICATE > IPSEC Configuration.
b) Enter Name & set Key exchange to IKEv2
c) Configure other parameters as per the requirement
d) Navigate to VPN & CERTIFICATE > IPSEC > IPSEC Connections
e) Enter Name & Select Connection Type > Create Interface
f) Set Gateway Type to Respond Only
g) Select the above created IPSEC Configuration
h) Select rest of the parameters as per the requirement
i) Click Save & Activate the Connection
j) Go to Interfaces, you can see a dynamic virtual tunnel interface is created
h) Press edit icon and set the interface ip address
i) Go to More Utility->Routing->Add Unicast Route
j) Add access rules as per the requirement.
Note: If the ipsec tunnel is deleted then linked Virtual Tunnel Interface & its respective routes would be removed.