I've got a scenario whereby I've got a star community with all traffic routed through the center.
I've got a requirement now to break out SMTP traffic to a specific destination locally at one of the spokes (and at that spoke only - all other spokes should still encrypt and send through the center).
In the event that I exclude a specific source / destination / service via crypt.def, would traffic then obey a policy route on the gateway or would it still be sent to the center, but in cleartext? The spoke in question is a Quantum Spark running 80.20.50, in case it's relevant.
Is there perhaps a better way of doing this than fiddling with crypt.def and INSPECT syntax? FWIW this is the syntax I'm looking to implement:
#define NON_VPN_TRAFFIC_RULES (src=192.168.1.10,dst=184.108.40.206,dport=25)
#define NON_VPN_TRAFFIC_RULES 0