Eligibility for IPsec Non-Virtual Path Routes

Before to release 9.2, IPsec tunnel routes would remain in the route table even if the tunnel became unavailable.

Using the Keepalive option under Connections > [Site Name] > IPsec Tunnels enhances this behavior so that the IPsec non-virtual path Routes are now considered ineligible when the IPsec tunnel is no longer available. When the keepalive option is enabled, the SAs get created automatically without any traffic being sent through Tunnel.