Creating the IPsec policy

  1. Go to Configuration > VPN > IPsec VPN > Encryption Policy - Tunnels tab.
  2. Select the IPsec policy that you wish to edit (IPsec 01 in the example).
  3. Click on the Mobile - Mobile users tab.

Config mode mobile policy

  1. Click on Add and select New config mode mobile policy.
    A configuration wizard will start.
  2. In the Local resources field, select the object representing the resources (host, network, or host/network group) that mobile users can access through the IPsec VPN tunnel. In the example, this object is the network group named IKEv2_EAP_LOCAL_NET_GRP.
  3. In the Peer selection field, select the mobile profile created earlier (mobile_IKEv2_EAP_CERT in this example).
  4. In the Remote networks field, select the network object created in the step Defining a network object that contains IP addresses assigned to mobile peers (IKEv2_EAP_CERT_Clients_Network in this example).
  5. Click on Finish.
  6. Double-click on the Status column to enable the rule.
  7. Click on Apply, then on Save to confirm and enable this configuration.
  8. Click on Yes, activate the policy.

The IPsec policy configured in Config mode is therefore: