After you have configured the security policies for your connection, then configure the secure connection.
For dynamic connections, the secure connection object includes a dynamic-key group and a dynamic-key connection.
The dynamic-key group defines the common characteristics of one or more VPN connections. Configuring a dynamic-key group allows you to use the same policies, but different data endpoints for each connection within the group. Dynamic-key groups also allow you to successfully negotiate with remote initiators when the data endpoints proposed by the remote system are not specifically known ahead of time. It does this by associating the policy information in the dynamic-key group with a policy filter rule with an IPSEC action type. If the specific data endpoints offered by the remote initiator fall within the range specified in the IPSEC filter rule, they can be subjected to the policy defined in the dynamic-key group.
The dynamic-key connection defines the characteristics of individual data connections between pairs of endpoints. The dynamic-key connection exists within the dynamic-key group. After you configure a dynamic-key group to describe what policies connections in the group use, you need to create individual dynamic-key connections for connections that you initiate locally.
To configure the secure connection object, complete both the Part 1 and Part 2 tasks:
Related concepts
Configuring VPN security policies Configuring VPN packet rules
After you complete these steps, you need to activate the packet rules that the connection requires to work properly.
In most cases, allow the VPN interface to generate your VPN packet rules automatically by selecting the Generate the following policy filter for this group option on the Dynamic-Key Group - Connections page. However, if you select the The policy filter rule will be defined in Packet Rules option, then configure VPN packet rules by using the Packet Rules editor and then activate them.