Multiple traffic selectors on a route-based VPN

A traffic selector (also known as a proxy ID in IKEv1) is an agreement between IKE peers to permit traffic through a tunnel if the traffic matches a specified pair of local and remote addresses. With this feature, you can define multiple traffic selectors within a specific route-based VPN, resulting in a unique SA for each traffic selector configured. Only traffic that conforms to a traffic selector is permitted through the associated IPsec SA. To configure a traffic selector, use the traffic-selector configuration statement at the [edit security ipsec vpn vpn-name] hierarchy level. The traffic selector pair is defined with the mandatory local-ip ip-address and remote-ip ip-address statements. The CLI operational command show security ipsec security-association traffic-selector traffic-selector displays SA information for the specified traffic selector.