IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1

2022-05-05 18:03:22
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.4 Build 20200313 Rel.41831

  Suddenly a pair of TL-R600VPNs can't complete their IPsec connection. Site A has a static IP, is set as Initiator, and has the correct IP address for Site B. Site B has a dynamic IP and is set as Responder. Site B is producing the "Error 1" message. If I change Site A to Responder and Site B to Initiator, then Site A will produce the Error 1 message. The PSKs are both correct, but I have rewritten both and saved in case of corruption.

 

  If I change the proposal on one side to something different (to test), the responder returns an Error 14. What does "Error 1" refer to? Is there a published list of error codes and their meaning?

 

  Thanks.

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-06 08:57:42

  @urbnsr 

 

How long did this VPN of yours work properly before?
If it was suddenly found not to work, how often does this problem occur?


Is your specific problem that the VPN tunnel is disconnected when this error is reported? Or the client can not access the other side?

Have you tried to re-create the same VPN to test it?

Just striving to develop myself while helping others.
Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-06 13:00:17

  @Virgo 

 

  It has been working for a year or two. I have another connection that is static to static IP and I don't believe that connection has gone down like this before.

 

  I may have fixed this, but not sure yet if it was a coincidence or not, but this problem IPsec connection is static to dynamic IP. On both sides, I was referring to a CNAME record address. I reconfigured both sides to use the A record address (results to same IP address) and negotiation was successful.

 

  The dynamic DNS is provided by No-IP. Could the reference to the CNAME record actually be the problem? Maybe No-IP made a change recently to cause this?

 

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-10 14:00:22

Any opinions or thoughts on this?

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-12 13:55:09

  @urbnsr I have the same issue. I am using Windows 10 and trying to connect to the TL-600 VPN and it's failing. Same error as yours. Looks like something is not working. No knowledge of how to troubleshoot it.

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-14 10:14:46

  @urbnsr Have you tried to configure the VPN with Local-ID and Remote-ID as Name (Advanced Settings of the VPN)?

 

IMHO the side with the static Internet IP had better be the responder...

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-14 14:17:21

  @Micky_Roth Thank you for the reply.

 

  The way I have each LAN-to-LAN side set up is IP ID Type for the static side and NAME ID Type for the dynamic side. It was working this way, but recently stopped working until I changed the dynamic side gateway and ID type from the CNAME record to the A record. The connection has stayed up ever since I made this change. Are you suggesting that ID Type NAME be changed to a matching value which may be unrelated to the dynamic side's domain name?

 

  I have experienced that the static side needs to be the initiator. The reason I have found is that if the static side is the responder and the IP address changes on the dynamic side, the dynamic side attempts a new IPsec connection with an unknown IP address (unknown to the static IP side) and the static side refuses to accept the connection. I am gathering that the static side does not perform a DNS lookup when it is set to responder. It sees the unknown IP address and tells it to "take a hike". When the static side is the initiator, it seems to request a DNS lookup first before actually initiating the IPsec connection.

 

  If the IP address does not change, then I find that either side can be initiator and a connection request is successful. I just cannot control when the IP address may change.

 

  Thanks again...

Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-14 17:15:37
Can't you use a Dynamic DNS service on the "dynamic side"? And use that hostname? (I did not try that out)
Re:IPsec Warning Phase 1 Of IKE Negotiation Failed Error 1
2022-05-14 23:49:25

Yes - I do use No-IP dynamic DNS service/server. I was using a CNAME config for this VPN connection. I was using CNAME to protect the main A record domain name. It was working with CNAME, but I wondered if No-IP made some kind of change, but the static side resolved the correct IP address for the dynamic side.
