DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

L2TP with IPSEC policy - 2920n-to-2920n

28 Jul 2015 17:29 #1 by lowethca
I have two Vigor 2920n units creating a LAN-to-LAN VPN.

I can configure a VPN using L2TP but the VPN will only connect when IPSEC policy is set to "None" or "Nice to have".

Both routers are running firmware 3.6.8.2 and I have configured the IKE PSK to be exactly the same on each unit and both are using 3DES or AES (AES preferred).

The networks are as follows:

Code:
Vigor 2920n (LAN-to-LAN Client) --> ISP1 modem (Non-NAT thus Draytek has public IP) ==> Internet <== ISP2 (NAT modem/router with Draytek in DMZ) <-- Vigor 2920n (LAN-to-LAN Server)


Note: both sites are static IPs through the ISP.

I have followed numerous guides (including those on Draytek site) for creating the LAN-to-LAN VPN but all I can deduce is that perhaps port UDP 500 is blocked somewhere (but the ISPs are business broadband packages and (they say) nothing is blocked because customers have site-to-site VPNs all over the place), there is something wrong with my IKE settings, or I've completely missed something...

I have even tried one of the 2920n's on my home Internet to try and rule out an ISP block - same problem. Obviously the problem may be on the ISP side of the unit I haven't tried on a different connection, but, as I said, both ends of the VPN are on business broadband packages and I wouldn't expect things like IPSEC and other VPN ports to be blocked...

Is there anything else I can test?

Thaaaank you :)
