@riccardodv 

Yes but you have to do manuel IPsec tunnel. 

this is pretty simple to do in controller. Auto IPsec dont work very good anywhy . I have never get it to work.

Thank you  @shberge, that is what I am trying to do.

At both locations, I have a NAT before the ER605s, but I set the rules for IPsec (ports UTP 500 and 4500) on them. Moreover, both locations have dynamic public IP addresses, so I have a ddns service running on both VPN routers

what I cannot understand from the advanced settings is:

1- Negotioation mode should be set as responder at one of the two locations?

2- What should I write in local ID and remote ID?

thank you in advance

  @riccardodv 

NAT on both router do it more complicated. but try to set LOCAL id type to Site1 and remote ID to Site2, then opposit in remote site.

 Negotioation mode can you set to Initiator Mode in both site.

somthing like that

  @riccardodv In our case, we have 1 OC200 and ER605 in main office, and only ER605 in the remote branch, is it possible to make them see each other via VPN? Thanks