Configuring IPsec Remote Access Group Policy
4. Use the IPsec Group Policy page to configure the following parameters of the IPsec Remote Access group policy:
• Group Name: Enter the name for the group policy.
• IKE Authentication Method: Specify the authentication method.
– Pre-shared Key: Uses a simple, password-based key to authenticate. If you choose this option, enter the desired value that remote VPN clients must provide to establish the VPN connections. The pre-shared key must be entered exactly the same here and on remote VPN clients.
– Certificate: Uses the digital certificate from a third party Certificate Authority (CA) to authenticate. If you choose this option, select a CA certificate as the local certificate from the Local Certificate drop-down list and select a CA certificate as the remote certificate from the Peer Certificate drop-down list for authentication. The selected remote certificate on the IPsec VPN server must be set as the local certificate on remote VPN clients.
NOTE: You must have valid CA certificates imported on your security appliance before you use the digital certificates to authenticate. Go to the Device Management > Certificate Management page to import the CA certificates. See Managing Certificates for Authentication, page 350.