I have a cable and DSL connection.  2 remote offices, one on cable, one on
DSL.  The IPSEC traffic for the DSL connection is going out over the cable
connection, and I'm not sure where to put the gateway spec.  Since the
to-be-tunneled traffic arrives on the LAN interface, then gets encapsulated,
I'm just not sure which rule tab to add it to.

Would I put it on the ESP, and match the endpoints?  Or put it on the ESP
and match the contents of the tunneled traffic?  Or just put it on opt1?
Although I don't think opt1 would make sense, since that's arriving, not
departing.  Or do I put it on the LAN, and use the private IP space that's
being tunneled as the source/dest, and set the gateway to the OPT1
interface?

It only came up, because the cable/DSL provider connectivity dropped, and
nobody on the DSL side could connect, but the cable tunnels kept working.
Digging into it more revealed the traffic route oddity.  Until recently, we
had cable everywhere, problem never came up...

Thanks for the help.
