Creating the IPsec policy
In the module Configuration > VPN > IPsec VPN > Encryption policy – Tunnels tab:
- Select the IPsec policy that you wish to modify from the drop-down list (IPsec 01 in the example).
- Click on the Mobile - Mobile users (or Anonymous - mobile users) tab.
- Click on Add.
- Select New policy.
A configuration wizard will start. - In the Mobile peer used field, select the mobile profile created earlier (IKEv1_Mobile_Users in the example).
- In the Local resources field, select the networks or network group(s) that mobile users can access through the IPsec VPN tunnel (objects Local_Network_Authorized_IPsec and Local_Network_Authorized_IPsec2 in the example).
- Click on Finish.
In the Checking the policy area, the warning message Pre-shared key authentication in aggressive mode severely deteriorates the level of security appears. - Click on Save then confirm by clicking on Save.
- If you wish to enable this policy, click on Yes, activate the policy, otherwise select Later.
The IPsec policy configured is therefore: