Creating the IPsec policy - Config mode
In the module Configuration > VPN > IPsec VPN > Encryption policy – Tunnels tab:
- Select the IPsec policy that you wish to modify from the drop-down list (IPsec 01 in the example).
- Click on the Mobile users (or Anonymous - mobile users) tab.
- Click on Add.
- Select New Config mode policy.
A configuration wizard will start. - In the Mobile peer used field, select the mobile profile created earlier (IKEv2_Mobile_Users in the example).
- In the Local network field, select the network that mobile users can access through the IPsec VPN tunnel (object Local_Network_Authorized_IPsec created earlier in the example).
Reminder: only one network can be selected. Network groups cannot be selected. - In the Mobile network field, select the network object created in the step Defining a network object that contains IP addresses assigned to mobile peers (Mobile_Users_Network in the example).
- Click on Finish.
In the Checking the policy area, the warning message Pre-shared key authentication in aggressive mode severely deteriorates the level of security appears. - Click on Save then confirm by clicking on Save.
- If you wish to enable this policy, click on Yes, activate the policy, otherwise select Later.
The IPsec policy configured in Config mode is therefore: