Is it possible to have a separate Virtual Tunnel Interface per Phase 1? E.g. with IPSEC actively working with 1 or more IPSEC connections to different locations, the VTI created is 'enc0'. This makes monitoring with NMS difficult since the only interface being reported by SNMP is 'enc0'
With every Route based IPsec you get a new ipsecX device.
I see the con0/1 interfaces under the ipsec config but those probably aren't polled since they aren't a VTI. I've checked 'Do not install routes' to see if I could force a change but that doesn't seem to be working. I still only have the enc0 showing up as the ipsec interface if I check with ifconfig.