My understanding of that note is that it is simply an over-simplification.
Since the creation of an ipsec policy is currently a non-trivial task, the
author appears to be overly cautious and suggests to the reader not that he
create Complimentary policies on both computers, but instead creates
Identical policies. This caution is further exaggerated by the fact that the
example is requiring fixed IPs for both peers which is a very unlikely case
for most RRAS deployments as clients typically get dhcp assigned addresses
connected to the internet. There's probably a hint to the author's intended
usage that gets missed with the sentence "L2TP/IPSec gateway-to-gateway VPN
implementations by using a preshare key for IKE authentication are
supported." Here he's laying down that he'd really only like you to use a
psk (if you really have to) between two RRAS servers, and not in a home vpn
scenario.
On the flip side, one might have thought the author a bit negligent in
helping secure a reader's interface if the instructions instead used more
general options of Me and Any. With the current directions it is obviously
much more difficult to establish an IPSec connection "uninvited", whereas
with a policy that allows the more general settings, anyone can connect once
the psk has been acquired.
Additionally, the use of Me or Any could potentially apply to interfaces not
inteded for this security policy.
