TEP Policy
Issue 4 May 2005
The Tunnel End Point (TEP) Policy tab provides control of the security policy applied to the
traffic that flows between the end points of a tunnel. The default is off (Do not apply
configured VPN policies to TEP traffic).
Figure 65: Tunnel End Point Policy
Enabling Apply configured VPN policies to TEP traffic encrypts the traffic destined to and from
tunnel end points when the following conditions are met:
- The primary IP address of each VSU in your VPN domain is included in the IP group that the
  VSU is protecting.
- SKIP tunnel mode or IKE is being used (SKIP transport mode is NOT being used).
If these conditions are not met, packets are subject to the non-VPN traffic policy (Permit or
Deny) selected in the VSU Packet Filtering/Advanced tab.
A typical case where enabling Apply configured VPN policies to TEP traffic is desired is
remotely reading an Active Sessions MIB object of a VSU. The information
returned here includes the user name or IP address for each session currently active on the
selected VSU. Obviously, having this SNMP information pass over the internet in the clear is not
desirable.
This feature is not supported in releases of VPNmanager prior to 3.1. Because both tunnel end
points must have Apply configured VPN policies to TEP traffic enabled, the VSUs on each end
must also be running VPN NOS 3.1 or later.
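The conditions above can be checked across an exported inventory before relying on TEP encryption for SNMP reads. The following is an added example, not VPNmanager code: the Vsu record, its field names and the key-mode strings are hypothetical, the addresses are constructed, and it assumes the local VSU's non-VPN policy is the one that applies when a condition fails.

```python
# Added example: data model and field names are hypothetical, not VPNmanager's.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Vsu:
    name: str
    primary_ip: str
    ip_group: list            # CIDR strings this VSU protects
    nos_version: tuple        # VPN NOS release, e.g. (3, 1)
    tep_policy_enabled: bool  # Apply configured VPN policies to TEP traffic
    non_vpn_policy: str       # "Permit" or "Deny" (Packet Filtering/Advanced tab)

def unmet_conditions(vsu, key_mode):
    """Return the documented conditions this tunnel end point fails."""
    problems = []
    if not vsu.tep_policy_enabled:
        problems.append("TEP policy option is off")
    if vsu.nos_version < (3, 1):
        problems.append("VPN NOS older than 3.1")
    addr = ip_address(vsu.primary_ip)
    if not any(addr in ip_network(net) for net in vsu.ip_group):
        problems.append("primary IP not in protected IP group")
    if key_mode not in ("IKE", "SKIP tunnel"):
        problems.append("key mode is not IKE or SKIP tunnel")
    return problems

def tep_traffic_outcome(local, remote, key_mode):
    """Return ('encrypted' or the local non-VPN policy, per-VSU problems)."""
    problems = {v.name: unmet_conditions(v, key_mode) for v in (local, remote)}
    if not any(problems.values()):
        return "encrypted", problems
    # Assumption: the local VSU's non-VPN policy decides the fallback.
    return local.non_vpn_policy, problems

# Constructed inventory using documentation address ranges.
HQ = Vsu("hq", "192.0.2.1", ["192.0.2.0/24"], (3, 1), True, "Permit")
BRANCH = Vsu("branch", "198.51.100.1", ["203.0.113.0/24"], (3, 2), True, "Deny")
FIXED = Vsu("branch", "198.51.100.1",
            ["203.0.113.0/24", "198.51.100.1/32"], (3, 2), True, "Deny")

if __name__ == "__main__":
    for remote in (BRANCH, FIXED):
        outcome, problems = tep_traffic_outcome(HQ, remote, "IKE")
        print(remote.ip_group, "->", outcome, problems)
```

A "Permit" result is the case to look for: TEP traffic such as the Active Sessions SNMP read would be passed without VPN protection.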