Edit the IPSec remote access connection profile, set DualShield as the authentication server.
Create a logon procedure with two logon steps:
