Site to site IPSEC tunnel between 2 ER707-M2 routers only routes on one side
Hello,
I have 2 ER707-M2 routers that I am connecting via an IPSEC tunnel. The VPN connects fine and I can see each router from the network of the other router.
The routers are not the same hardware version. The one that is not routing correctly is version 1.0. The one that is is version 1.2. Both are set up identically with all the defaults except DPD disabled.
I have tried switching which router is the initiator/responder but the one that does route stays the same.
The only log message that I ever see is:
Set up IPsec connection successfully. (Peers=xxx.xxx.xxx.xxx<->xxx.xxx.xxx.xxx)
I have Client-LAN L2TP VPNs set up on both routers and when connected to those everything works as expected.
Router 1: (Hardware Version 1.0 FW: 1.2.3 Build 20240822 Rel.52946)
Policy Name: wi2fl
Mode: LAN-to-LAN
Remote Gateway: xxx.xxx.xxx.xxx (Router 1 IP on Router 2)
WAN: 2.5G WAN1
Local Network Type: Network
Local Networks: LAN
Remote Subnet: 192.168.2.0/24 (192.168.0.0/24 on Router 2)
Pre-shared Key: xxxxxxxxxxxxxxxxxxx
Status: Enable
Phase-1 Settings
IKE Protocol Version: IKEv2
Proposal: sha1 aes256 dh2
Proposal: sha1 3des dh2
Proposal: sha256 aes256 dh5
Proposal: sha256 aes256 dh14
Negotiation Mode: Initiator Mode (Responder Mode on Router 2, though I have tried switching these)
Local ID Type: IP Address
Remote ID Type: IP Address
SA Lifetime: 2880
DPD: Disabled
Phase-2 Settings
Encapsulation Mode: Tunnel Mode
Proposal: esp sha1 aes256
Proposal: esp sha1 3des
Proposal: esp sha256 aes256
Proposal: esp md5 3des
PFS: none
SA Lifetime: 28800