Configuring IPsec Settings for Remote Access VPNs

The IPsec settings are applicable only if you selected IPsec as the VPN protocol while configuring your remote access VPN policy. If not, you can enable IKEv2 using the Edit Access Interface dialog box. See Configure Access Interfaces for Remote Access VPN for more information.

Procedure

Step 1

Choose Devices > VPN > Remote Access.

Step 2

From the list of available VPN policies, select the policy for which you want to modify the settings.

Step 3

Click Advanced.

The list of IPsec settings appears in a navigation pane on the left of the screen.

Step 4

Use the navigation pane to edit the following IPsec options:

  1. Crypto Maps—The Crypto Maps page lists the interface groups on which IKEv2 protocol is enabled. Crypto Maps are auto generated for the interfaces on which IKEv2 protocol is enabled. To edit a Crypto Map, see Configure Remote Access VPN Crypto Maps. You can add or remove interface groups to the selected VPN policy in Access Interface. See Configure Access Interfaces for Remote Access VPN for more information.

  2. IKE Policy—The IKE Policy page lists all the IKE policy objects applicable for the selected VPN policy when Secure Client endpoints connect using the IPsec protocol. See IKE Policies in Remote Access VPNs for more information. To add a new IKE policy, see Configure IKEv2 Policy Objects. Threat Defense supports only Secure Client IKEv2 clients. Third-party standard IKEv2 clients are not supported.

  3. IPsec/IKEv2 Parameters—The IPsec/IKEv2 Parameters page enables you to modify the IKEv2 session settings, IKEv2 Security Association settings, IPsec settings, and NAT Transparency settings. See Configure Remote Access VPN IPsec/IKEv2 Parameters for more information.

Step 5

Click Save.