UTM IPsec to UTM IPsec

I'm trying to implement the configuration, but it doesn't work:
support.sophos.com/.../KB-000036832 I followed the instructions exactly, point by point.
1. Error message: "we require peer to have ID 'IP Address', but peer declares 'FQDN'"
I changed on Side A /Advanced/Preshared Key Settings/ to VPN-ID-Type: Hostname and VPN-ID to FQDN.
The error message no longer appears, but there are new error messages:
Side B: ignoring informational payload, type INVALID_ID_INFORMATION and ignoring informational payload, type INVALID_MESSAGE_ID

Side A: sending encrypted notification INVALID_ID_INFORMATION to "IP Address"
What am I doing wrong?
  • I just set one of these up with a friend two states away. I didn't even read one instruction and was able to get this set up with very little issue. I'll do what I can to show you what I did.

    I created the Network Host for the remote internal network, and a second one for the WAN IP (external public IP address). I did the same on the remote UTM.

    Under Site-to-site VPN > IPSec > Remote Gateways, I created the Remote Gateway for the remote UTM and the type is 'Initiate Connection'. I also added the remote internal network at the bottom. The VPN ID can just be the IP Address for both UTMs. The pre-shared key can be anything you want it to be; it just has to be the same on both ends.

    Under the 'Advanced' tab and Local RSA tab in the same area, the VPN ID is set to IP address as well (both UTMs).

    Then you create the connection on the 'Connections' tab. Note: for the Policy I changed to AES-256 instead of SHA1; you can choose whatever you like so long as both match.

    Then on the remote UTM, you set up similar items with 'Respond Only' instead of 'Initiate Connection'. You must match the Policy.

    Once you have set up the remote UTM, start the remote UTM IPSec connection first, then the local UTM IPSec connection. If you have mismatches, you will not connect.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5
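Added example, not code from this thread or from Sophos: a small Python checker that encodes the matching rules from the reply above (one side initiates, one responds; same pre-shared key; same policy; each Remote Gateway's expected peer ID type equals what the peer actually sends) and maps the pluto log lines quoted in the question to what to check. The `UtmSide` field names and the constructed configurations are assumptions, not UTM's own data model.

```python
import re
from dataclasses import dataclass

@dataclass
class UtmSide:
    """One UTM's IPsec settings as the reply describes them (constructed model)."""
    name: str
    role: str                # "Initiate Connection" or "Respond Only"
    vpn_id_type: str         # type this UTM sends in phase 1: "IP Address" or "Hostname"
    peer_id_type: str        # type this UTM's Remote Gateway requires from the peer
    psk: str
    policy: str

def check_tunnel(a: UtmSide, b: UtmSide) -> list[str]:
    """Return mismatches that would stop the two UTMs from negotiating."""
    problems = []
    if {a.role, b.role} != {"Initiate Connection", "Respond Only"}:
        problems.append("one side must 'Initiate Connection' and the other 'Respond Only'")
    if a.psk != b.psk:
        problems.append("pre-shared keys differ")
    if a.policy != b.policy:
        problems.append(f"IPsec policies differ: {a.policy} vs {b.policy}")
    for local, peer in ((a, b), (b, a)):
        if local.peer_id_type != peer.vpn_id_type:
            problems.append(f"{local.name} requires peer ID '{local.peer_id_type}' "
                            f"but {peer.name} declares '{peer.vpn_id_type}'")
    return problems

# Pluto log patterns quoted in the question, mapped to what to check on the UTMs.
LOG_HINTS = [
    (re.compile(r"we require peer to have ID '([^']+)', but peer declares '([^']+)'"),
     "phase 1 ID mismatch: local Remote Gateway expects {0}, peer sends {1}"),
    (re.compile(r"INVALID_ID_INFORMATION"),
     "peer rejected our identity/selectors: compare VPN ID type and value on both UTMs"),
    (re.compile(r"INVALID_MESSAGE_ID"),
     "peer could not match the message to an exchange; usually follows an earlier ID rejection"),
]

def diagnose(log_lines: list[str]) -> list[str]:
    """Map each recognised log line to a diagnosis; unrecognised lines are skipped."""
    out = []
    for line in log_lines:
        for pattern, text in LOG_HINTS:
            m = pattern.search(line)
            if m:
                out.append(text.format(*m.groups()))
                break
    return out
```

Feeding the question's two-sided state (Side A switched to Hostname, Side B still expecting IP Address) into `check_tunnel` reports the mismatch seen from Side B, which is exactly what the reply resolves by setting both VPN IDs to IP Address.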

