BinTec RS353a - Ipsec Peers

BinTec RS353a
620 pages
The routing-based method offers various advantages over the policy-based method, e.g.,
NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of
VPN backup scenarios. With the routing-based method, the configured or dynamically
learned routes are used to negotiate the IPSec phase 2 SAs. Although this method does
simplify many configurations, problems may also be caused by competing routes or the
"coarser" filtering of data traffic.
The Additional IPv4 Traffic Filter parameter fixes this problem. You can apply a "finer"
filter, i.e. you can enter the source IP address or the source port. If an Additional IPv4
Traffic Filter is configured, this is used to negotiate the IPSec phase 2 SAs; the route now
only determines which data traffic is to be routed.
If an IP packet does not match the defined Additional IPv4 Traffic Filter, it is rejected.
If an IP packet meets the requirements in an Additional IPv4 Traffic Filter, IPSec phase 2
negotiation begins and data traffic is transferred over the tunnel.
Note
The parameter Additional IPv4 Traffic Filter is exclusively relevant for the initiator of
the IPSec connection; it is only used for outgoing traffic.
Note
Please note that the phase 2 policies must be configured identically on both of the
IPSec tunnel endpoints.
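
The decision sequence described above for an outgoing packet on the initiator, as a small Python model. This is an added example, not bintec code or device configuration; the filter shape (source network plus optional source port), the action names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_port: int

@dataclass(frozen=True)
class TrafficFilter:
    """One filter entry (hypothetical shape): source network, optional source port."""
    src_net: str
    src_port: Optional[int] = None  # None means any source port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return in_net and self.src_port in (None, pkt.src_port)

def classify(pkt, tunnel_routes, filters):
    """Decide what the initiator does with an outgoing packet.

    Returns (action, basis), where basis is the route or the filter entry
    that would drive the phase 2 SA negotiation.
    """
    dst = ipaddress.ip_address(pkt.dst)
    hits = [ipaddress.ip_network(r) for r in tunnel_routes
            if dst in ipaddress.ip_network(r)]
    if not hits:
        return ("not-for-tunnel", None)   # the route decides what reaches the tunnel
    if not filters:                       # no filter: the route is the basis
        route = max(hits, key=lambda n: n.prefixlen)  # longest prefix wins
        return ("negotiate-from-route", str(route))
    for f in filters:                     # filter configured: it is the basis
        if f.matches(pkt):
            return ("negotiate-from-filter", f)
    return ("reject", None)               # routed to the tunnel but no filter matched

# Constructed sample data (not taken from the manual)
ROUTES = ["10.20.0.0/16"]
FILTERS = [TrafficFilter("192.168.1.0/24"), TrafficFilter("192.168.5.10/32", 5060)]
```

With only the route configured, any source reaching 10.20.0.0/16 triggers negotiation; once the filter entries exist, a packet from 192.168.5.10 with a source port other than 5060 is rejected even though the route still matches.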
14.1.1 IPSec Peers
An endpoint of a communication is defined as a peer in a computer network. Each peer
offers its services and uses the services of other peers.
A list of all configured IPSec peers, sorted by priority, is displayed in the
VPN->IPSec->IPSec Peers menu.
14 VPN bintec elmeg GmbH
352 bintec RS Series