What is the difference between a Policy-based VPN and a Route-based VPN?
Knowledge Base ID: KB4124
Version: 7.0
Published: 26 Aug 2009
Updated: 26 Aug 2009
Categories: Firewall/IPSec_VPN, IPSec, ScreenOS

Synopsis:
The article briefly covers the differences between a Policy-Based VPN vs. a Route-Based VPN. In addition, it explains how to identify quickly which type is configured for an existing VPN.

Problem:

Which type of VPN is configured, Route-Based or Policy-Based?

When should I configure a Route-Based or a Policy-Based VPN?

Solution:

Policy Based:

  • A Policy-Based VPN is a configuration in which a specific VPN tunnel is referenced in a policy whose action is set to Tunnel. The tunnel icon appears as either a Lock or as a Lock with directional arrows, as shown in the sample below; the icon in the sample indicates the policy is configured for a Bi-Directional Tunnel.
    [Image: A Policy's Action Column with the Lock Icon, indicating this is a Policy-Based VPN]

Common Reasons to use a Policy-based VPN:

  • Remote VPN device is a non-Juniper device
  • Need to access only one subnet or one network at the remote site, across the VPN


Route Based:

  • A Route Based VPN is a configuration in which the policy does not reference a specific VPN tunnel. Instead, a VPN tunnel is indirectly referenced by a route that points to a specific tunnel interface. The tunnel interface may be bound to a VPN tunnel or to a tunnel zone.
  • When a tunnel interface is in a security zone, it must be bound to a VPN tunnel. This is necessary in order to create a route-based VPN configuration. The tunnel interface can be numbered or unnumbered. If it is unnumbered, the tunnel interface borrows the IP address of the security zone interface.
  • A tunnel is a means for delivering traffic between points A and B, and a policy is a method for either permitting or denying the delivery of that traffic. Simply put, ScreenOS allows you the freedom to separate the regulation of traffic from the means of its delivery.
  • If the tunnel interface does not need to support Policy-Based NAT, and the configuration does not require the tunnel interface to be bound to a tunnel zone, the interface can be specified as unnumbered. An unnumbered tunnel interface must be bound to a security zone; it cannot be bound to a tunnel zone. An interface must also be bound to the security zone whose IP address the unnumbered tunnel interface borrows.

In addition, a Route-Based VPN must include the following configuration information:

  • Tunnel Interface
  • Phase I VPN Gateway configuration (listed under VPNs > AutoKey Advanced > Gateway on the WebUI)
  • Phase II VPN configuration (listed under VPNs > AutoKey IKE on the WebUI), including:
    • Local and Remote Proxy ID
    • VPN configuration bound to the tunnel interface
  • Route for the remote network pointing to the tunnel interface
  • Policy specifying an action of "Permit" to allow the traffic

Common Reasons to use a Route-based VPN:

  • Source or Destination NAT (NAT-Src, NAT-Dst) needs to occur as traffic traverses the VPN
  • Overlapping Subnets/IP Addresses between the two LANs
  • Hub-and-spoke VPN topology
  • Design requires Primary and Backup VPN
  • A Dynamic Routing Protocol (e.g. OSPF, RIP, BGP) is running across the VPN
  • Need to access multiple subnets or networks at the remote site, across the VPN
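
The synopsis promises a quick way to tell which type an existing VPN is. The script below is an added example, not part of this KB article or of any Juniper tool: it reads a ScreenOS "get config" dump and classifies each "set vpn" entry as route-based (bound to a tunnel interface, with routes pointing at that interface) or policy-based (referenced by a policy whose action is "tunnel vpn"), following the checklist above. The sample config is constructed, and the command syntax is assumed from common ScreenOS usage.

```python
import re

# Constructed sample of a ScreenOS "get config" dump; names and addresses are made up.
SAMPLE_CONFIG = """\
set interface tunnel.1 ip unnumbered interface ethernet3
set ike gateway gw-branch address 203.0.113.10 main outgoing-interface ethernet3 sec-level standard
set ike gateway gw-partner address 198.51.100.5 main outgoing-interface ethernet3 sec-level standard
set vpn vpn-branch gateway gw-branch sec-level standard
set vpn vpn-branch bind interface tunnel.1
set vpn vpn-branch proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 any
set vpn vpn-partner gateway gw-partner sec-level standard
set route 10.2.2.0/24 interface tunnel.1
set policy id 1 from trust to untrust 10.1.1.0/24 10.2.2.0/24 any permit
set policy id 2 from trust to untrust 10.1.1.0/24 172.16.5.0/24 any tunnel vpn vpn-partner
"""

# Lines that decide the VPN type (syntax assumed from common ScreenOS usage).
VPN_DEF = re.compile(r"^set vpn (\S+) gateway ")
VPN_BIND = re.compile(r"^set vpn (\S+) bind interface (tunnel\.\d+)")
POLICY_TUNNEL = re.compile(r"^set policy .* tunnel vpn (\S+)")
ROUTE = re.compile(r"^set route (\S+) interface (tunnel\.\d+)")


def classify_vpns(config_text):
    """Map each VPN name to its type plus the evidence used to decide it."""
    vpns, bound, tunnel_policies, routes = {}, {}, {}, {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := VPN_DEF.match(line):
            vpns.setdefault(m.group(1), {"type": "unknown", "interface": None,
                                         "routes": [], "tunnel_policies": 0})
        elif m := VPN_BIND.match(line):
            bound[m.group(1)] = m.group(2)  # VPN bound to tunnel.N -> route-based
        elif m := POLICY_TUNNEL.match(line):
            tunnel_policies[m.group(1)] = tunnel_policies.get(m.group(1), 0) + 1
        elif m := ROUTE.match(line):
            routes.setdefault(m.group(2), []).append(m.group(1))
    for name, info in vpns.items():
        info["tunnel_policies"] = tunnel_policies.get(name, 0)
        if name in bound:
            # Route-based: the policy only permits; a route to tunnel.N selects the VPN.
            info["type"] = "route-based"
            info["interface"] = bound[name]
            info["routes"] = routes.get(bound[name], [])
        elif info["tunnel_policies"]:
            info["type"] = "policy-based"  # policy action is "tunnel vpn <name>"
    return vpns


if __name__ == "__main__":
    print(classify_vpns(SAMPLE_CONFIG))
```

A route-based entry whose "routes" list is empty is missing the route from the checklist above, which is a common reason such a tunnel carries no traffic.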

Purpose:
Troubleshooting