You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.
You want to set up a VPN tunnel to an external gateway. You had to make sure that the IKE P2 SA will only be established between two subnets and not all subnets defined in the default VPN domain of your gateway.
The correct answer is B. In the SmartConsole create a dedicated VPN Community for both Gateways. Selecting the local gateway in the Community you can set the VPN Domain to ‘User defined’ and put in the local network. This approach allows you to define specific subnets for the VPN domain, ensuring that the IKE Phase 2 Security Association (SA) is established only between the specified subnets.