I have a quick quesiton here in genernal when you set up an encryption domain for an ipsec tunnel the subnet mask
of your encryption domain must match your source/destination subnet mask. So for example say you have a source
of 126.96.36.199/24 and destination of 188.8.131.52/28 and you build your ecryption domain with these subnet.
now say the source end decides to change the source subnet from 184.108.40.206/24 to a 220.127.116.11/27
that mean on my encryption domain on the VPN device I also need to change it from a /24 to a/27 to match
my source otherwise if I leave my encryption domain as a /24 when I source from the /27 the source ip will be
denied and the tunnel will not come up because it is expecting a /24 but now it see's a /27 correct? so inorder
for me to fix this I must change my encryption domain from a /24 to a/27 to match my source subnet of a /27.