Most users will want this box checked. Setting this will make IPsec available
only on the interface which is attached to the default route. On a single
interface machine this is the single interface, and on a multiple interface
machine this would be whichever one was facing "the outside" (also known as
the "Untrusted Interface").
If you are unclear on what this all means then just leave this box checked.