Hi PhoneBoy,
The peer is a Cisco router and it is using a single configuration for two of our gateways, and it has two networks configured for their phase two remote (10.164.128.0 and 10.164.0.0). Their local network is 172.16.0.0.
We have two gateways: one is configured for local 10.164.128.0 and the other for 10.164.0.0. We are using separate VPN Communities. The issue is that both our gateways accept both incoming phase 2, although it is not specified in its security domain.
I am worried this will affect the remote end's routing and wanted to deny the non-specified phase 2.