When using the preshared key feature of IPIP tunnels to dynamically create the IPSec policy, I am glad that we can using an FQDN for the remote-address parameter. But the local-address parameter is still configured as an IP address.
Does this matter? I was under the impression that if the local and remote addresses didn’t match exactly on both ends, that IPSec would not establish?
Or is this part handled dynamically whenever the WAN IP address were to change?
Anyone know?