IPsec VPN with native Mac OS X client

1. Configuring the IPsec VPN using the Wizard

Go to VPN > IPsec Wizard.

Name the VPN connection, set Template Type to Remote Access, select the Cisco Client remote device type, and select Next. 

Set Incoming Interface to the Internet-facing interface.

Select the Pre-shared Key authentication method and enter a pre-shared key.

Apply the appropriate User Group and select Next.

Set Local Interface to the internal interface and set Local Address to all.

Enter a Client Address Range for VPN users and select Create.

Disable split tunneling if you want all traffic (Internet and internal) to go through the IPsec VPN tunnel.

The VPN Creation Wizard provides a summary of created objects.

2. Creating a security policy for remote access to the Internet

Go to Policy & Objects > IPv4 Policy and create a new policy that allows remote users to securely access the Internet.

Set Incoming Interface to the newly created tunnel interface and set Outgoing Interface to the Internet-facing interface.

Set Source to all, Destination Address to all, Schedule to always, and Service to ALL.

Enable NAT and select OK.

3. Results

Select the Shared Secret authentication and enter the same pre-shared key that was entered in the IPsec VPN Wizard, then select OK.

Be sure to Apply your network configuration.

In the Network window on the Mac, select the VPN and select Connect.

You should now be able to browse the Internet and have access to the internal network.