I've got an XG210 firewall installed in my head office with a static IP address, configured to do site-to-site VPN over the IPsec protocol with 12 branch offices, which all have dynamic IP addresses and a Cisco RV110 as their router. Both configurations match; we are using a pre-shared key as the authentication type and the local ID as IP address: 181.xxx.xxx.xxx
The IPsec policy config on the XG210 is:
Keying method: automatic
Authentication mode: main mode
Compress: no
PFS: enabled (768 bit)
Encryption algorithm
Phase 1: AES128 - SHA1, key life: 120, re-key: 60, margin: 50
Phase 2: AES128 - SHA1
DPD: Check peer after every: 90, Wait for response up to: 110
When peer unreachable: re-initiate

On the Cisco devices we have:
IKE policy table: exchange mode: main
SA parameters: encryption: aes128, authentication: sha-1
DH-group: 768 bit
SA-lifetime: 120
DPD: delay: 10, timeout: 30
VPN policy table: SA-lifetime: 120
encryption: aes128, integrity: sha-1
PFS key group: DH-group 768 bit
If someone knows how to keep the tunnels up, I'm down for suggestions.
PS: We need them to stay up even without traffic.