Can anyone explain this for me? Thank you very much.
Question about the difference between policy-based VPN and route-based VPN
-
Hi
Could you post the original English passage that mentions these two terms here?
Đặng Quang Minh, CCIEx2#11897 (Enterprise Infrastructure, Wireless), DEVNET, CCSI#31417
Email : dangquangminh@vnpro.org
https://www.facebook.com/groups/vietprofessional/
-
Sorry, my question was not clear.
Generally, route-based VPNs are easier to configure than policy-based VPNs.
However, the two types have different requirements that limit where they can be
used.
You create a policy-based VPN by defining an IPSec firewall policy between two
network interfaces and associating it with a VPN tunnel (phase 1) configuration.
You create a route-based VPN by creating a VPN phase 1 configuration with
IPSec interface mode enabled. This creates a virtual IPSec interface. You then
define a firewall policy to permit traffic to flow between the virtual IPSec interface
and another network interface.
A virtual IPSec interface is a subinterface to a physical interface, an aggregate or
VLAN interface. You can view these virtual IPSec interfaces on the System >
Network > Interface page displayed under their associated physical interface
names in the Name column.
This is from the FortiGate IPsec Guide.
Thank you, Quang Minh.
Last edited by minhrau; 23-01-2008, 12:07 AM.
Google is my friend, and my teacher.
-
hi
Reading the passage above, my understanding might be as follows:
policy-based VPN is equivalent to IPsec phase 2.
route-based VPN is equivalent to ISAKMP (phase 1 in creating the VPN channel).
Đặng Quang Minh, CCIEx2#11897 (Enterprise Infrastructure, Wireless), DEVNET, CCSI#31417
-
I have found the exact definition; I am posting it here for everyone's reference.
Route-based VPN—A route lookup determines which traffic the security device
encapsulates. Policies either permit or deny traffic to the destination specified
in the route. If the policy permits the traffic and the route references a tunnel
interface bound to a VPN tunnel, then the security device also encapsulates it.
This configuration separates the application of policies from the application of
VPN tunnels. Once configured, such tunnels exist as available resources for
securing traffic en route between one security zone and another.
Policy-based VPN—A policy lookup determines which traffic the security
device encapsulates when the policy references a particular VPN tunnel and
specifies “tunnel” as the action.
A route-based VPN is a good choice for site-to-site VPN configurations because you
can apply multiple policies to traffic passing through a single VPN tunnel. A
policy-based VPN is a good choice for dialup VPN configurations because the dialup
client might not have an internal IP address to which you can set a route.
Google is my friend, and my teacher.
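
The two lookups described in the definitions quoted above, as an added example that is not part of the original thread or of either vendor's documentation: a simplified Python model of how each mode decides which traffic is encapsulated. The routing table, tunnel binding, policy lists and all names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (all names and addresses are hypothetical).
ROUTES = [("10.2.0.0/16", "tunnel.1"), ("0.0.0.0/0", "wan1")]
TUNNEL_BINDINGS = {"tunnel.1": "vpn-branch"}   # tunnel interface -> VPN tunnel
# Route-based mode: policies only permit or deny; several apply to one tunnel.
ROUTE_MODE_POLICIES = [
    ("10.1.0.0/16", "10.2.5.0/24", "deny"),
    ("10.1.0.0/16", "10.2.0.0/16", "permit"),
    ("10.1.0.0/16", "0.0.0.0/0", "permit"),
]
# Policy-based mode: the policy names the tunnel and uses the action "tunnel".
POLICY_MODE_POLICIES = [
    ("10.1.0.0/16", "10.2.0.0/16", "tunnel", "vpn-branch"),
    ("10.1.0.0/16", "0.0.0.0/0", "permit", None),
]

def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def _first_match(policies, src, dst):
    """First-match policy lookup; implicit deny when nothing matches."""
    for p in policies:
        if _in(src, p[0]) and _in(dst, p[1]):
            return p
    return (None, None, "deny", None)

def route_based(src, dst):
    """Route lookup picks the egress interface; the policy only permits/denies."""
    matches = [(ipaddress.ip_network(n).prefixlen, i) for n, i in ROUTES if _in(dst, n)]
    if not matches:
        return "drop"
    iface = max(matches)[1]                      # longest prefix wins
    if _first_match(ROUTE_MODE_POLICIES, src, dst)[2] != "permit":
        return "drop"
    vpn = TUNNEL_BINDINGS.get(iface)             # encapsulate only if bound to a tunnel
    return f"encapsulate:{vpn}" if vpn else f"clear:{iface}"

def policy_based(src, dst):
    """Policy lookup alone decides; action "tunnel" selects the VPN tunnel."""
    policy = _first_match(POLICY_MODE_POLICIES, src, dst)
    if policy[2] == "tunnel":
        return f"encapsulate:{policy[3]}"
    return "clear" if policy[2] == "permit" else "drop"
```

In the route-based model the deny for 10.2.5.0/24 and the permit for the rest of 10.2.0.0/16 both apply to traffic routed to the same tunnel interface, which is the "multiple policies on a single VPN tunnel" case from the quoted text.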