Creating the IPsec policy

In the module Configuration > VPN > IPsec VPN > Encryption policy – Tunnels tab:

  1. Select the IPsec policy that you wish to modify from the drop-down list (IPsec 01 in the example).
  2. Click on the Mobile - Mobile users (or Anonymous - mobile users) tab.
  3. Click on Add.
  4. Select New policy.
    A configuration wizard will start.
  5. In the Mobile peer used field, select the mobile profile created earlier (IKEv1_Mobile_Users in the example).
  6. In the Local resources field, select the networks or network group(s) that mobile users can access through the IPsec VPN tunnel (objects Local_Network_Authorized_IPsec and Local_Network_Authorized_IPsec2 in the example).
  7. Click on Finish.
    In the Checking the policy area, the warning message Pre-shared key authentication in aggressive mode severely deteriorates the level of security appears.
  8. Click on Save then confirm by clicking on Save.
  9. If you wish to enable this policy, click on Yes, activate the policy, otherwise select Later.
    The IPsec policy configured is therefore: