- Select Firewall > Access Policies > Unicast.
- Click Add a Policy.
- Permit IKE messages from the remote endpoints.
  - For Action, accept the default: Permit Traffic.
  - For From, select EXTERNAL.
  - For To, select SELF.
  - For Service, select isakmp.
  - For Source, select remoteENDS.
  - For Destination, select localVPNGate.
  - Select the Enable logging on this Policy check box.

    Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.
  - Click Apply.
- Permit IKE messages to the remote endpoints.
  - For Action, accept the default: Permit Traffic.
  - For From, select SELF.
  - For To, select EXTERNAL.
  - For Service, select isakmp.
  - For Source, select localVPNGate.
  - For Destination, select remoteENDS.
  - Click Apply.
- Permit traffic from the local endpoints to the remote endpoints' IKE mode config addresses:
  - For Action, accept the default: Permit Traffic.
  - For From, select INTERNAL.
  - For To, select ZONE3.
  - For Service, select Any Service.
  - For Source, select localENDS.
  - For Destination, select IKEmodeIPs.
  - Click Apply.
- Permit traffic from the remote endpoints' IKE mode config addresses to the local endpoints:
  - For Action, accept the default: Permit Traffic.
  - For From, select ZONE3.
  - For To, select INTERNAL.
  - For Service, select Any Service.
  - For Source, select IKEmodeIPs.
  - For Destination, select localENDS.
  - Click Apply.
- Click Close.

This example assumes that the Windows firewall on the client has been disabled.
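The procedure above creates two mirrored pairs of permit policies and leaves logging enabled on the first one. The following Python sketch is an added example, not part of the original procedure or any vendor tooling: it takes the four policies transcribed by hand (the field names and the assumption that unmatched traffic is denied belong to this example), checks which flows they permit, and reports any policy that lacks its reverse-direction counterpart or still has logging turned on.

```python
from collections import namedtuple

# The four policies from the procedure, transcribed by hand (constructed data,
# not a device export). Field names are assumptions made for this sketch.
Policy = namedtuple("Policy", "src_zone dst_zone service source dest logging")

POLICIES = [
    Policy("EXTERNAL", "SELF", "isakmp", "remoteENDS", "localVPNGate", True),
    Policy("SELF", "EXTERNAL", "isakmp", "localVPNGate", "remoteENDS", False),
    Policy("INTERNAL", "ZONE3", "Any Service", "localENDS", "IKEmodeIPs", False),
    Policy("ZONE3", "INTERNAL", "Any Service", "IKEmodeIPs", "localENDS", False),
]

def permitted(policies, src_zone, dst_zone, service, source, dest):
    """True if a permit policy matches the flow; anything else is assumed denied."""
    return any(
        (p.src_zone, p.dst_zone, p.source, p.dest) == (src_zone, dst_zone, source, dest)
        and p.service in (service, "Any Service")
        for p in policies
    )

def audit(policies):
    """Return (kind, policy) findings to review once the tunnel is working."""
    findings = []
    for p in policies:
        # The same policy with zones and address groups swapped, ignoring logging.
        reverse = p._replace(src_zone=p.dst_zone, dst_zone=p.src_zone,
                             source=p.dest, dest=p.source, logging=False)
        if not any(q._replace(logging=False) == reverse for q in policies):
            findings.append(("missing-reverse", p))
        # Policy logging is meant for troubleshooting and testing only.
        if p.logging:
            findings.append(("logging-enabled", p))
    return findings

if __name__ == "__main__":
    for kind, p in audit(POLICIES):
        print(f"{kind}: {p.src_zone} -> {p.dst_zone} ({p.service})")
```
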