Creating the IPSec policy - Config mode

In the module Configuration > VPN > IPSec VPN > Encryption policy – Tunnels tab:

  1. Select the IPSec policy that you wish to modify from the drop-down list (IPSec 01 in the example).
  2. Click on the Mobile users (or Anonymous - mobile users) tab.
  3. Click on Add.
  4. Select New Config mode policy.
    A configuration wizard will start.
  5. In the Mobile peer used field, select the mobile profile created earlier (IKEv2_Mobile_Users in the example).
  6. In the Local network field, select the network that mobile users can access through the IPSec VPN tunnel (object Local_Network_Authorized_IPSec created earlier in the example).
    Reminder: only one network can be selected. Network groups cannot be selected.
  7. In the Mobile network field, select the network object created in the step Defining a network object that contains IP addresses assigned to mobile peers (Mobile_Users_Network in the example).
  8. Click on Finish.
    In the Checking the policy area, the warning message Pre-shared key authentication in aggressive mode severely deteriorates the level of security appears.
  9. Click on Save then confirm by clicking on Save.
  10. If you wish to enable this policy, click on Yes, activate the policy, otherwise select Later.

The IPSec policy configured in Config mode is therefore: