You configure route-based IPsec VPN by first adding a Phase 1 and selecting Enable IPsec Interface Mode. This adds an IPsec interface with the same name as the Phase 1.

A security policy for this VPN is a standard security policy that allows traffic between the IPsec interface and another FortiGate unit interface. Create a new policy, select the Firewall policy type and the Address policy subtype. To allow traffic from the internal network to connect to the VPN, set the incoming interface to internal and the outgoing interface to the IPsec interface. Otherwise configure the security policy like any basic security policy.