...
Your firewall IP. This is likely the same as your “WAN Address” as defined earlier. However, if you are setting up a device located inside the network, this may be the private IP of that device, in which case your edge firewall must permit this traffic.
“Peer IP” as defined earlier.
Application/Port: IKE (udp/500, tcp/500) and IPsec (udp/4500 and the IPsec protocol)
You will also need to permit DNS and DHCP through the tunnel, and you may want to allow ICMP, as the “Service IP” is pingable through the VPN.
...