All IKE gateways configured on the same interface or local IP address must use
the same crypto profile when the IKE gateway’s
Peer IP Address
Type
is configured as
Dynamic
and IKEv1
main mode or IKEv2 is
applied.
If the crypto profiles are the same on the gateways, although the initial
connection might start off on a different gateway, the connection will shift to
the proper gateway when pre-shared keys or certificates and peer IDs are
exchanged.