Read carefully before proceeding

This document is intended for administrators who wish to quickly add mobile IKEv1 policies to their active IKEv1 configurations containing IKEv1 site-to-site IPsec tunnels.

The solution based on IKEv1 and pre-shared key authentication can indeed meet urgent requirements, even though the ANSSI does not recommend this mode as it does not provide optimal security (a warning appears when the IPsec policy is created).


  • If an IKEv2 peer is used in your active IPsec policy,
  • If one of peers used in the DSCP (option not available in SNS version 3.7.x-LTSB) field of your active IPsec policy has a value other than "00 Best effort",
  • Or if you wish to use an ANSSI-recommended configuration we recommend that you refer to the tutorial IKEv2 mobile IPsec VPN - Pre-shared key authentication.