Site To Site Auto or Manual IPSec not working
I have 1 ER7206 Routers. We are connecting 2 branch offices by VPN with very fast/high bandwidth connections at each.
Each branch office will connect to 1 main ER7206.
Each router is connected to the internet, both routers being BT Smarthub 2, and provides connections to the LAN normally.
We are using the Omada hardware controller linked to ER7206 and linked to the Omada Cloud.
The routers are also connected and adopted and configured with the following subnets.
Main Branch 192.168.1.0/24
Remote site 192.168.3.0/24
We created an Auto IPsec connection for "Remote Site" using the Omada interface and checked that the connection was auto-created on both ends. No VPN tunnels are listed as active in the Omada > Insight > VPN Status menu, even after we rebooted both routers.
We deleted the Auto IPSec entry and created a "Manual IPsec" VPN Tunnel.
We specified the remote gateways for both ends using the public IP, as we have one static one and the other is dynamic on each end.
The manual ipsec tunnel used the following settings for each end:
Site to site VPN
Manual IPsec
Status - Enable
Remote gateway - Public IP
Remote Subnet - The subnet of each end, i.e. 192.168.0.1/24 - 192.168.3.0/24
Local Networks: all
Preshared Key: Same key on both ends.
WAN - WAN
Phase 1
Key Exchange Version - Have tried both IKEv1 and IKEv2
Proposal - SHA1-DES-DH5 on both
Negotiation Mode - Initiator on both
Negotiation Mode - When using IKEv1 we tried both Main and Aggressive on both
Local ID - Name: Each has unique ID or tried IP Address
Remote ID - Name - Other end's ID that matches the Local ID or set to IP Address
SA Lifetime - 28800
DPD - Enable
DPD Interval - 10
Phase 2
Encapsulation Mode - Tunnel
Proposal - ESP-SHA1-AES256
PFS - None
SA Lifetime - 28800
Not sure why it is not working, but would love some advice on this. Also rebooted the 2 routers with no success.
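A manual site-to-site tunnel only negotiates when the two ends mirror each other, so the settings listed above can be cross-checked offline before touching the routers. The following is an added example, not part of the original post and not TP-Link code: the dictionary keys, the ID strings and the key are hypothetical placeholders, and the subnet values are taken exactly as written in the post.

```python
import ipaddress

# Settings that must be identical on both ends of the tunnel.
MIRRORED = ("psk", "ike", "phase1", "phase2", "pfs", "sa_lifetime")

def check_pair(a, b):
    """Return a list of mismatches between two site-to-site IPsec peer configs."""
    findings = []
    for key in MIRRORED:
        if a[key] != b[key]:
            findings.append(f"{key}: {a['name']}={a[key]!r} vs {b['name']}={b[key]!r}")
    for me, peer in ((a, b), (b, a)):
        # The Remote ID on one end has to equal the Local ID on the other.
        if me["remote_id"] != peer["local_id"]:
            findings.append(f"{me['name']}: remote_id {me['remote_id']!r} "
                            f"!= peer local_id {peer['local_id']!r}")
        peer_lan = ipaddress.ip_network(peer["lan"])
        try:
            remote = ipaddress.ip_network(me["remote_subnet"])  # strict parse
        except ValueError:
            findings.append(f"{me['name']}: remote_subnet {me['remote_subnet']} has host bits set")
            remote = ipaddress.ip_network(me["remote_subnet"], strict=False)
        # The Remote Subnet on one end has to be the LAN behind the other end.
        if remote != peer_lan:
            findings.append(f"{me['name']}: remote_subnet {remote} "
                            f"does not match peer LAN {peer_lan}")
    if ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"])):
        findings.append("LAN subnets overlap")
    return findings

# Constructed sample input: values from the post, placeholders for IDs and key.
COMMON = dict(psk="<placeholder-key>", ike="IKEv2", phase1="SHA1-DES-DH5",
              phase2="ESP-SHA1-AES256", pfs="None", sa_lifetime=28800)
MAIN = dict(COMMON, name="main", lan="192.168.1.0/24",
            remote_subnet="192.168.3.0/24", local_id="main-id", remote_id="remote-id")
REMOTE = dict(COMMON, name="remote", lan="192.168.3.0/24",
              remote_subnet="192.168.0.1/24", local_id="remote-id", remote_id="main-id")

if __name__ == "__main__":
    for finding in check_pair(MAIN, REMOTE):
        print(finding)
```

The check covers only what both routers must agree on; it does not test reachability of the public IPs or anything upstream of the ER7206.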