Before you begin
Before you define the IPsec policy, you must:
- Define the IP source and destination addresses. See “Defining policy addresses”.
- Specify the phase 1 authentication parameters. See “Auto Key phase 1 parameters”.
- Specify the phase 2 parameters. See “Phase 2 parameters”.
To define an IPsec security policy
1. Go to Policy > Policy > Policy.
2. Select Create New and select VPN.
3. Complete the options:
   Local Interface: Select the local interface to the internal (private) network.
   Local Protected Subnet: Select the name that corresponds to the local network, server(s), or host(s) from which IP packets may originate.
   Outgoing VPN Interface: Select the local interface to the external (public) network.
   Remote Protected Subnet: Select the name that corresponds to the remote network, server(s), or host(s) to which IP packets may be delivered.
   Schedule: Keep the default setting (always) unless changes are needed to meet specific requirements.
   Service: Keep the default setting (ANY) unless changes are needed to meet your specific requirements.
   VPN Tunnel: Select Use Existing and select the tunnel from the drop-down list.
   Allow traffic to be initiated from the remote site: Select if traffic from the remote network will be allowed to initiate the tunnel.
4. Optionally, enable UTM features or event logging, or select advanced settings to authenticate a user group or shape traffic. For more information, see the Firewall chapter of The Handbook.
5. Select OK.
6. Place the policy in the policy list above any other policies having similar source and destination addresses.
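
The ordering requirement in step 6 can be checked offline. The following is an added example, not Fortinet code: it assumes the policy list is evaluated top-down with the first match winning, and it uses a hypothetical, simplified policy model with constructed names and subnets. It reports every policy placed above an IPsec policy that would match some or all of the traffic meant for the tunnel.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class Policy:
    # Hypothetical, simplified model of one policy row (not a FortiOS format).
    name: str
    src: str     # source subnet, CIDR
    dst: str     # destination subnet, CIDR
    action: str  # "ipsec", "accept" or "deny"


def _overlap(a: str, b: str) -> bool:
    return ip_network(a).overlaps(ip_network(b))


def _covers(outer: str, inner: str) -> bool:
    return ip_network(inner).subnet_of(ip_network(outer))


def shadowing_policies(policies):
    """List (earlier, ipsec, kind) for every policy placed above an IPsec
    policy that matches some ("partial") or all ("full") of its traffic.
    Assumes top-down, first-match evaluation of the list."""
    findings = []
    for i, pol in enumerate(policies):
        if pol.action != "ipsec":
            continue
        for earlier in policies[:i]:
            if not (_overlap(earlier.src, pol.src) and _overlap(earlier.dst, pol.dst)):
                continue
            full = _covers(earlier.src, pol.src) and _covers(earlier.dst, pol.dst)
            findings.append((earlier.name, pol.name, "full" if full else "partial"))
    return findings


# Constructed sample lists; names and subnets are made up for illustration.
VPN = Policy("vpn-to-branch", "10.1.1.0/24", "192.168.50.0/24", "ipsec")
BROAD = Policy("lan-to-internet", "10.1.0.0/16", "0.0.0.0/0", "accept")
NARROW = Policy("block-printers", "10.1.1.128/25", "192.168.0.0/16", "deny")
MISORDERED = [BROAD, NARROW, VPN]
ORDERED = [VPN, BROAD, NARROW]

if __name__ == "__main__":
    for earlier, ipsec, kind in shadowing_policies(MISORDERED):
        print(f"{earlier} is above {ipsec} ({kind} match): move {ipsec} up")
    assert shadowing_policies(ORDERED) == []
```

A "full" finding against an accept policy is the case to fix first: under the stated assumption, traffic intended for the tunnel would be handled by the broader policy and never reach the IPsec policy.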