I have a block of IPs that I connect securely via an IPSec tunnel. There is a subset of that block that I do not want to send through the IPSec tunnel because I have a different secure path to reach that block. Does anyone know how to bypass the encryption of that subnet of traffic without fully subnetting the block in the Policies tab of the IPSec page?
I figured it out.
I created a policy for the block that I did not want encrypted, and in that policy I set the following, which can be seen in the attached image:
- Action=none
- Level=use
- Priority=1 (greater than the policy for the main block).

