Creating the IPSec policy - Config mode
In the module Configuration > VPN > IPSec VPN > Encryption policy – Tunnels tab:
- Select the IPSec policy that you wish to modify from the drop-down list (IPSec 01 in the example).
- Click on the Mobile users (or Anonymous - mobile users) tab.
- Click on Add.
- Select New Config mode policy.
A configuration wizard will start.
- In the Mobile peer used field, select the mobile profile created earlier (IKEv2_Mobile_Users in the example).
- In the Local network field, select the network that mobile users can access through the IPSec VPN tunnel (object Local_Network_Authorized_IPSec created earlier in the example).
Reminder: only one network can be selected. Network groups cannot be selected.
- In the Mobile network field, select the network object created in the step Defining a network object that contains IP addresses assigned to mobile peers (Mobile_Users_Network in the example).
- Click on Finish.
In the Checking the policy area, the warning message Pre-shared key authentication in aggressive mode severely deteriorates the level of security appears.
- Click on Save then confirm by clicking on Save.
- If you wish to enable this policy, click on Yes, activate the policy, otherwise select Later.
The IPSec policy configured in Config mode is therefore: