Understanding Traffic Selectors in Route-Based VPNs
A traffic selector is an arrangement that permits traffic through the tunnel when the traffic matches the configured local and remote addresses. The proxy ID in IKEv1 is an example of a traffic selector. Several traffic selectors can be defined on a route-based VPN, which may result in an IPsec phase 2 security association (SA) for each configured traffic selector. Only the traffic selected by a given traffic selector is permitted through its SA.
A traffic selector can specify only a single subnetwork each for the local and the remote address. Local and remote addresses cannot be specified through an address book, but traffic selectors can be configured with IPv4 or IPv6 addresses. Multiple traffic selectors can be associated with a VPN using different tunnel modes, e.g. IPv4-in-IPv4, IPv6-in-IPv6, IPv4-in-IPv6 and IPv6-in-IPv4. All of the generally used traffic selectors are supported only by IKEv1.
When traffic selectors are configured, routes for the selected traffic are added automatically. The process of negotiating traffic selectors is known as reverse route insertion (RRI). These routes may conflict with routes populated by routing protocols. When configuring a selector, there is no need to configure routing protocols on st0 interfaces. Deleting a traffic selector may affect traffic passing through the tunnel, because the deletion removes the IPsec SAs, tunnel sessions and routes. To use the traffic selector again, the IPsec SAs, tunnel sessions and routes must be reinstalled. Once the reinstallation is complete, the traffic selector can be used again.
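The matching and route-conflict behaviour described above can be modelled offline before a change is committed. The following Python sketch is an added example, not vendor code: the selector names, the subnets, the routing-protocol prefixes and the rule that any prefix overlap counts as a potential conflict are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class TrafficSelector:
    name: str
    local: str    # exactly one subnet per selector
    remote: str   # exactly one subnet per selector

    def matches(self, src: str, dst: str) -> bool:
        """True when src is in the local subnet and dst is in the remote subnet."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        ln, rn = ipaddress.ip_network(self.local), ipaddress.ip_network(self.remote)
        if s.version != ln.version or d.version != rn.version:
            return False  # an IPv4 packet never matches an IPv6 selector
        return s in ln and d in rn

def select_sa(selectors, src, dst):
    """Name of the selector (one phase 2 SA each) that carries the packet, or None."""
    for ts in selectors:
        if ts.matches(src, dst):
            return ts.name
    return None  # no selector matches: the traffic is not permitted through any SA

def route_conflicts(selectors, protocol_routes):
    """List (selector, auto-inserted route, protocol route) for overlapping prefixes.

    Assumption: the auto-inserted route is the selector's remote subnet, and any
    overlap with a protocol-learned prefix is worth reviewing.
    """
    found = []
    for ts in selectors:
        auto = ipaddress.ip_network(ts.remote)
        for prefix in protocol_routes:
            learned = ipaddress.ip_network(prefix)
            if auto.version == learned.version and auto.overlaps(learned):
                found.append((ts.name, str(auto), str(learned)))
    return found

# Constructed sample data (not taken from any real device).
SELECTORS = [
    TrafficSelector("ts-v4", "192.168.10.0/24", "10.20.0.0/16"),
    TrafficSelector("ts-v6", "2001:db8:10::/64", "2001:db8:20::/64"),
]
PROTOCOL_ROUTES = ["10.20.30.0/24", "172.16.0.0/12", "2001:db8:ff::/48"]

if __name__ == "__main__":
    print(select_sa(SELECTORS, "192.168.10.5", "10.20.1.1"))
    print(select_sa(SELECTORS, "192.168.11.5", "10.20.1.1"))
    for conflict in route_conflicts(SELECTORS, PROTOCOL_ROUTES):
        print("review:", conflict)
```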