I think you are taking about the proxy id's here, correct me if I am wrong. Tunnel Monitoring is used to keep a VPN tunnel communicating with the other VPN endpoint. If a tunnel monitor profile is created it will specify one of two action options if the tunnel is not available; wait-recover or fail-over. For tunnel monitoring, under Network> Ipsec Tunnels > Advance Options, the destination ip-address would be a single Ip-address. Secondary ip-address cannot be configure on the tunnel interface under Network > Interfaces > Tunnel However, you can set proxy ids to achieve this where you can keep the local private subnet in "local" field and the remote private subnet under "remote" field. The same proxy ids also need to be set on the other side but the local and the peer subnets would be reversed. Regards
... View more