Your organization has an on-premises legacy VPN device that only supports IKEv1 and cannot use BGP. You need to set up connectivity between your on-premises network (using subnets 172.16.100.0/24, 172.16.101.0/24, and 172.16.102.0/24) and Google Cloud (using subnets 192.168.100.0/24, 192.168.101.0/24, and 192.168.102.0/24). A VPN gateway is already configured. How should you proceed to set up a policy-based VPN tunnel?