Creating the IPsec policy
- Go to Configuration > VPN > IPsec VPN > Encryption Policy - Tunnels tab.
- Select the IPsec policy that you wish to edit (IPsec 01 in the example).
- Click on the Mobile - Mobile users tab.
Config mode mobile policy
- Click on Add and select New config mode mobile policy.
A configuration wizard will start.
- In the Local resources field, select the object representing the resources (host, network, or host/network group) that mobile users can access through the IPsec VPN tunnel. In the example, this object is the network group named IKEv2_EAP_LOCAL_NET_GRP.
- In the Peer selection field, select the mobile profile created earlier (mobile_IKEv2_EAP_CERT in this example).
- In the Remote networks field, select the network object created in the step Defining a network object that contains IP addresses assigned to mobile peers (IKEv2_EAP_CERT_Clients_Network in this example).
- Click on Finish.
- Double-click on the Status column to enable the rule.
- Click on Apply, then on Save to confirm and enable this configuration.
- Click on Yes, activate the policy.
The IPsec policy configured in Config mode is therefore: