I have this huge confusion that I need to clear up for sure.
1) In policy-based VPN:
We have policies that describe the proxy-IDs. All went well: the policy matched and the traffic went through the tunnel.
Now the reverse flow --> the flow is encrypted. It needs to be decrypted first to match the pair policy, but the pair policy has an action to IPsec tunnel. Why is a tunnel needed after the match? Why do we need a pair policy anyway?
2) I understand that source NAT will lead to a proxy-ID mismatch in policy-based IPsec VPN. What I don't understand is how destination NAT works with policy-based VPN, since DNAT is usually performed on incoming sessions. Let's say this is the case: then what will the flow be?
Many thanks in advance