When this machine is only serving IPsec on one interface it can determine IP address and routing information automatically. When there is more then one interface you (the administrator) needs to fill in the "server-half" of the configuration.
If you are unsure what all this means, and you are only doing IPsec on your external (trusted) interface (or a single interface), then check the Single Interface box and leave this option Disabled.