Configuring Named Objects for VPN Firewall Access Policies

To see an explanation of the figure below, go here.

IPsec Policy Traffic Selector

For the IPsec policy traffic selector, you can configure named objects for the following:

  • Protocol — You cannot create a service object or service group for this field.

  • Local  Address — Single-entry IP, range, or network address object (You cannot select an address object for this field if you will be configuring IKE mode config.)

  • Remote Address — Single-entry IP, range, or network address object

Firewall Access Policies

For the VPN firewall access policies, you can configure the following:

  • Service — Service object or service group

  • Source — Any kind of address object or address group

  • Destination — Any kind of address object or address group