Defining Policy-Based VPN elements

The Policy-Based VPN element collects together the gateways and the VPN Profile, and provides the settings for defining the topology and the tunnels of the policy-based VPN.

The configuration of a Policy-Based VPN element has two stages: first you define some basic properties for the element, then you can add gateways and adjust the tunnels.

The main configuration for the VPN consists of defining which gateways are in the VPN and which of the gateways form tunnels with each other. You can also enter and renew pre-shared keys if you use them for authentication in this VPN.

The Sites and networks for each gateway element can be adjusted in the policy-based VPN, but most of these settings are not specific to the policy-based VPN. The only change that is specific to the policy-based VPN is disabling a Site element in it. Disabling a Site excludes that Site's IP addresses from that policy-based VPN only. Any other adjustments to the Sites and networks also affect all other VPNs where the same gateway element is used.

You can also change some of the properties for tunnels between two particular gateways or endpoints, such as the VPN Profile used. In addition, you can define Multi-Link VPN settings that allow you to select standby and active tunnels and to set tunnels to aggregate mode. In aggregate mode, each connection is automatically balanced between the aggregate tunnels.

Note: Although the VPN endpoints usually correspond to the NetLink interfaces in a Multi-Link configuration, the VPN endpoint settings are separate from the NetLink and Outbound Multi-Link definitions. For example, a NetLink that is set to standby for non-VPN traffic in an Outbound Multi-Link element can still be used as an active endpoint for VPN traffic.