05-11-2020 06:08 AM
With physical interfaces you mean ethernet1/x? (Tunnel interfaces are virtual)
- Yes, unnumbered means no IP assigned
- 10.10.1.4/30 and 10.10.1.0/30 are unusable addresses (broadcast and network)
The usable IPs in that subnet are .1/30 and .2/30
So if the local interface has .1 then the remote should use .2 and monitor would go to .2
- The IPsec packets will happen between the physical ethernet1/x interfaces, typically untrust to untrust. Intrazone will take care of that (but I do recommend making explicit rules and blocking untrust to untrust at the end)
- The tunnel traffic will come from and will go to the virtual tunnel interfaces' zone
Hope this helps