There are several steps to configuring a star site-to-site VPN.
First, the central hub gateway must be configured with a tunnel connection to every remote gateway. Then, every remote gateway must be configured with a connection back to the central hub.
For information about what address objects are needed, you can review the example: Example: Star Site-to-Site VPN
IPsec policies are selected when configuring an IPsec VPN connection. You can use the Default IPsec policy, use another existing policy, or you can add a new IPsec policy.