
RE: typical IPsec-based VPNs incl. modecfg vs. DHCP
Thanks for your responses. I have another query regarding this.

I have a question about the IPsec SPD. I had worked a long time back on
Linux FreeS/WAN. What I do remember from that is that each tunnel on the
outbound side was represented as a virtual interface like ipsec0. So the
IPsec engine would insert routes in the routing tables on setup (I wasn't
doing IKE) for these entries, leading to my question in the first place,
because I got the impression that IP routing is necessary and the most
typical demultiplexing method to insert packets into different tunnels, i.e.
somehow SPD policies map to a routing entry, which would mean the destination
address being the sole criterion for tunnel selection.

But I guess this is not what RFC 2401 says, and it leaves it open for various
implementations to have different SPD methodology. Can you update me on
what other ways SPD entries are looked up for tunnel selection? I am more
interested in the source address or some source parameter being included as
the criteria for tunnel selection, or an SPD interface that lets me make
policies based on the source of the packets. Is it possible? If you can
guide me there I would really appreciate it.

Thanks

-Bik
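The contrast the message draws, a destination-only routing lookup versus the selector-based SPD lookup of RFC 2401 (ordered entries, first match wins, source and destination address plus protocol and ports as selectors, non-matching traffic discarded), as an added illustration appended here; it is not part of the original message, nor FreeS/WAN or any other implementation's code. The addresses, prefixes and peer gateways are constructed sample values.

```python
"""Toy RFC 2401-style SPD lookup: ordered entries, first match wins."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

ANY = None  # wildcard for protocol / port selectors


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                    # IP protocol number: 1 ICMP, 6 TCP, 17 UDP
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Selector:
    """RFC 2401 selectors; address ranges are reduced to CIDR prefixes here."""
    src: str
    dst: str
    proto: Optional[int] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not ANY and p.proto != self.proto:
            return False
        if self.sport is not ANY and p.sport != self.sport:
            return False
        if self.dport is not ANY and p.dport != self.dport:
            return False
        return True


@dataclass(frozen=True)
class SpdEntry:
    selector: Selector
    action: str                       # "PROTECT" | "BYPASS" | "DISCARD"
    tunnel_peer: Optional[str] = None  # remote gateway for PROTECT entries


def spd_lookup(spd: List[SpdEntry], pkt: Packet) -> SpdEntry:
    """Ordered search; RFC 2401 4.4.1 says unmatched traffic is discarded."""
    for entry in spd:
        if entry.selector.matches(pkt):
            return entry
    return SpdEntry(Selector("0.0.0.0/0", "0.0.0.0/0"), "DISCARD")


def select_tunnel(spd: List[SpdEntry], pkt: Packet) -> Optional[str]:
    """Peer gateway the packet is tunnelled to, or None if not protected."""
    entry = spd_lookup(spd, pkt)
    return entry.tunnel_peer if entry.action == "PROTECT" else None


def route_by_destination(routes: Dict[str, str], pkt: Packet) -> Optional[str]:
    """Destination-only demultiplexing, the ipsec0-style routing view."""
    for prefix, peer in routes.items():
        if ip_address(pkt.dst) in ip_network(prefix):
            return peer
    return None


# Constructed sample policy (192.0.2.0/24 is documentation address space):
# two client subnets reach the same remote network through different gateways,
# which a destination keyed route table cannot express.
SAMPLE_SPD = [
    SpdEntry(Selector("10.1.1.0/24", "10.2.0.0/16"), "PROTECT", "192.0.2.1"),
    SpdEntry(Selector("10.1.2.0/24", "10.2.0.0/16"), "PROTECT", "192.0.2.2"),
    # Let IKE (UDP/500) to the gateways pass in the clear.
    SpdEntry(Selector("0.0.0.0/0", "192.0.2.0/24", proto=17, dport=500), "BYPASS"),
]
DEST_ONLY_ROUTES = {"10.2.0.0/16": "192.0.2.1"}

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.2.5", "10.1.3.5"):
        pkt = Packet(src, "10.2.3.4", 6, 40000, 80)
        print(src, "SPD ->", spd_lookup(SAMPLE_SPD, pkt).action,
              select_tunnel(SAMPLE_SPD, pkt),
              "| dst-only route ->", route_by_destination(DEST_ONLY_ROUTES, pkt))
```

Because the SPD is ordered, the position of an entry matters as much as its selectors: a broad entry placed first shadows every narrower one after it, so a reviewer of a policy should read it top to bottom the way the lookup does.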