TRENDnet TW100-BRV324 manual VPN Configuration, VPN Endpoint, address, Traffic Selector

Microsoft VPN

Note that different vendors use different terms. Generally, the terms "VPN Policy", "IPSec Policy", and "IPSec Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters).

For the Broadband VPN Gateway; each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines:

•The address of the remote VPN endpoint

•The traffic which is allowed to use the VPN connection.

•The parameters (settings) for the IPsec SA (Security Association)

•If IKE is used, the parameters (settings) for the IKE SA (Security Association)

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. However, you should only Enable one (1) policy at a time. If multiple policies for the same remote site are enabled, the policies are examined in the order in which they are listed, and the first matching policy will be used. While it is possible to change the order of the policies, it may not be easy to get the desired action from multiple policies.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

If connecting 2 LANs, this requires that:

•Each endpoint must be aware of the IP addresses used on the other endpoint.

•The 2 LANs MUST use different IP address ranges.

IKE parameters If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

IPsec parameters The IPsec parameters at each endpoint must match.

71