When security gateways in an experiment topology use:
1) static routes (i.g., nhi_route):
    * The internal IP address (e.g., the address of an interior 
	interface) must be provided for an attribute 'dest' 
	in "nhi_route" within a SG.
    * The values of remoteSG for both IKE and IPsec (and sourceSG 
	for IPsec) can be the IP address of either interior or 
	experior interface.  However, if IPsec uses an interior 
	interface as remoteSG/sourceSG, then IKE must also use 
	the same interior interface and vice versa.

2) ospf:
    * The appropriate ospf attributes must be provided.
    * No need static routes in SGs.
    * The values of remoteSG for both IKE and IPsec 
	(and sourceSG for IPsec) can be the IP address of either 
	interior or experior interface.  However, if IPsec uses 
	an interior interface as remoteSG/sourceSG, then IKE must 
	also use the same interior interface and vice versa.

3) bgp:
    * The appropriate bgp attributes must be provided.
    * No need static routes in SGs.
    * The separate security entries are needed for BGP and user 
	traffic, respectively.
    * For BGP traffic, the values of remoteSG for both IKE and IPsec 
	(and sourceSG for IPsec) should be the physical address.  
	In other words, IPsec uses static address to establish 
	IPsec SAs for BGP data since route informations have not 
	been exchanged.
      For user traffic, if virtual interface is provided, use vritual
        interface as remoteSG and sourceSG.  If not, interior IP 
        address can be used.