I have a server which basically acts as a router, but also offers some other services. The server has 3 interfaces, one leading to the main LAN and one to a server segment. Both these interfaces have an IPSec policy applied, but some servers on the server segment do not require IPSec or simply cannot function with IPSec enabled.
Once RRAS is configured, is the IPSec policy applied on the traffic that is routed through the server, or only on the traffic that is directed at the server, or does this depend on the policy that is used?
So if I want to connect to the RRAS server, IPSec should work as expected, but if I want to connect to a server on the server segment from the LAN, the IPSec policy should not interfere and the traffic should be routed as usual. Is this possible?
IPSec policies apply to communications TO and FROM a given server, but not THROUGH it; an RRAS server acts as a network router, and any IPSec policies applied to it shouldn't interfere with this.