Acording to documentation, if you configure level “use” in a policy:
use - skip this transform, do not drop the packet, and do not acquire SA from IKE daemon
As to my understanding, if no SA exists for the particular traffic because the tunnel is down at that moment, traffic should be routed according to the FIB. It’s not the case in my environment and, if certain tunnel is down, traffic is dropped even if the level of the matched policy is “use”.
¿Does anybody know if this is the expected behaviour?