Specification of a Virtual Router for an IKE Policy Rule Overview

An IKE policy rule can be configured to limit its scope to a specific local IP address on a specific virtual router. When enabled, this limitation ensures that this policy rule is evaluated for IKE security association evaluations for only the specified IP address and virtual router.

When initiating and responding to an IKE SA exchange, the router evaluates the possible policy rules as follows:

You can define an IKE policy rule without specifying an IP address or virtual router (the default). When not specifically configured, the IKE policy rule remains valid for any local IP address on any virtual router residing on the router.

Related Documentation