I have a quick question here: in general, when you set up an encryption domain for an IPsec tunnel, the subnet mask
of your encryption domain must match your source/destination subnet mask. So for example, say you have a source
of 170.132.128.0/24 and a destination of 168.162.30.240/28 and you build your encryption domain with these subnets.
Now say the source end decides to change the source subnet from 170.132.128.0/24 to 170.132.128.96/27.
That means on my encryption domain on the VPN device I also need to change it from a /24 to a /27 to match
my source; otherwise, if I leave my encryption domain as a /24, when I source from the /27 the source IP will be
denied and the tunnel will not come up because it is expecting a /24 but now it sees a /27, correct? So in order
for me to fix this, I must change my encryption domain from a /24 to a /27 to match my source subnet of a /27.
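
The scenario in the question, as an added example that is not part of the original post: it compares the configured encryption domain against the one the other end proposes, using the subnets quoted above. It assumes a peer that requires identical selectors unless narrowing is enabled (IKEv2 lets a responder narrow to a subset, RFC 7296 section 2.9); the function names are hypothetical.

```python
import ipaddress

def selector(src, dst):
    """An encryption domain (traffic selector pair) as two strict networks."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst))

def compare(configured, proposed):
    """Classify the peer's proposed selector against the local configuration.

    'exact'    : both networks are identical on each side
    'subset'   : the proposal lies entirely inside the configured networks
    'mismatch' : the proposal is not covered by the configuration
    """
    if configured == proposed:
        return "exact"
    if all(p.subnet_of(c) for p, c in zip(proposed, configured)):
        return "subset"
    return "mismatch"

def accepts(configured, proposed, narrowing=False):
    """Assumed policy: exact match only, or subset too when narrowing is on."""
    result = compare(configured, proposed)
    return result == "exact" or (narrowing and result == "subset")

def covered(domain, src_ip, dst_ip):
    """Would a packet with these addresses be selected for the tunnel?"""
    src_net, dst_net = domain
    return (ipaddress.ip_address(src_ip) in src_net
            and ipaddress.ip_address(dst_ip) in dst_net)

# Subnets taken from the question; host addresses below are constructed.
OLD = selector("170.132.128.0/24", "168.162.30.240/28")
NEW = selector("170.132.128.96/27", "168.162.30.240/28")

if __name__ == "__main__":
    print("local /24 vs proposed /27:", compare(OLD, NEW))
    print("local /27 vs proposed /24:", compare(NEW, OLD))
    print("exact-match peer accepts :", accepts(OLD, NEW))
    print("narrowing peer accepts   :", accepts(OLD, NEW, narrowing=True))
    print("after aligning both ends :", accepts(NEW, NEW))
    # The /27 only covers .96 through .127 of the old /24.
    print(".100 in /27 domain:", covered(NEW, "170.132.128.100", "168.162.30.241"))
    print(".10  in /27 domain:", covered(NEW, "170.132.128.10", "168.162.30.241"))
```

Whether a given device behaves like the exact-match or the narrowing case depends on its IKE version and vendor implementation, so check the negotiation logs on the VPN device itself.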