
bintec elmeg Gateways support two different methods for establishing IPSec connections:
• a method based on policies and
• a method based on routing.
The policy-based method uses data traffic filters to negotiate the IPSec phase 2 SAs. This
enables the filtering of the IP packets to be very "fine grained" down to protocol and port
level.
The routing-based method offers various advantages over the policy-based method, e.g.,
NAT/PAT within a tunnel, IPSec in combination with routing protocols and the creation of
VPN backup scenarios. With the routing-based method, the configured or dynamically
learned routes are used to negotiate the IPSec phase 2 SAs. While it is true that this meth-
od simplifies many configurations, at the same time there can be problems due to compet-
ing routes or the "coarser" filtering of the data traffic.
The Additional Traffic Filter parameter fixes this problem. You can filter more "finely", i. e.
you can, e. g., specify the source IP address or the source port. If there is a Additional
Traffic Filter configured, it is used to negotiate the IPSec phase 2 SAs; the route only de-
termines which data traffic is to be routed.
If an IP packet does not match the defined Additional Traffic Filter it is discarded.
If an IP packet meets the requirements in an Additional Traffic Filter , IPSec phase 2 ne-
gotiation begins and data traffic is transferred over the tunnel.
Note
The parameter Additional Traffic Filter is only relevant to the initiator of the IPSec
connection, it only applies to outgoing data traffic.
Note
Please note that the phase 2 policies must be configured identically on both of the
IPSec tunnel endpoints.
Add new entries with Add.
bintec elmeg GmbH
23 VPN
elmeg hybird 120 / hybird 130
471
Содержание elmeg hybird 120
Страница 18: ...Table of Contents bintec elmeg GmbH xvi elmeg hybird 120 hybird 130...
Страница 48: ...Fig 11 Cable fix Fig 12 Strip the insulation 3 Installation bintec elmeg GmbH 30 elmeg hybird 120 hybird 130...
Страница 65: ...6 6 WEEE information bintec elmeg GmbH 6 Technical data elmeg hybird 120 hybird 130 47...
Страница 172: ...Fig 67 VoIP Settings SIP Provider New 13 VoIP bintec elmeg GmbH 154 elmeg hybird 120 hybird 130...