DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Cisco <> VPN IKE IDs

27 Oct 2009 17:04 #1 by adrianmarsh
Cisco <> VPN IKE IDs was created by adrianmarsh
Hi,

I'm trying to create a VPN between a Cisco RV082 and a Draytek 2910

The Cisco sits on a Public IP, the Draytek sits behind a NAT router in a remote location.
Let's say the Draytek's local IP is 10.10.10.1, and its public IP is 195.201.1.20
Previously the Draytek was talking to a Speedtouch, which worked OK.

I configured the IPSEC.
The Cisco reports the following:

Oct 27 17:00:01 2009 VPN Log Main mode peer ID is ID_IPV4_ADDR: '10.10.10.1'
Oct 27 17:00:01 2009 VPN Log We require peer to have ID '195.201.1.20', but peer declares '10.10.10.1'

For some reason the Cisco also needs the Peer ID to be the public IP.

I figured that this might be the "My WAN IP" in the Draytek VPN settings, and tried putting that from 0.0.0.0 to 195.201.1.20. But no luck.

I can't see how to turn this off on the Cisco.

27 Oct 2009 18:23 #2 by njh
Replied by njh on topic Cisco <> VPN IKE IDs
Probably not really the right solution (i.e. it should really be disabled in the Cisco), but I believe the ID is the Local ID in the advanced settings of the Dial Out connection - assuming you are using the 2910 to dial out.

2900Gi/v2.5.6; 2900/v2.5.6

27 Oct 2009 20:27 #3 by adrianmarsh
Replied by adrianmarsh on topic Cisco <> VPN IKE IDs
There isn't an "advanced settings" on the 2910

At the bottom there's TCP/IP Settings which has:

My WAN IP
Remote Gateway IP
Remote Network IP
Remote Network Mask

The last two I usually set. I've tried setting My WAN IP, but that seems to do nothing. I'll try a reboot though.

27 Oct 2009 20:45 #4 by adrianmarsh
Replied by adrianmarsh on topic Cisco <> VPN IKE IDs
Ah... I found what you meant...

I tried putting the public IP in the Local ID.. but the Cisco says the Draytek is still presenting with the local IP (10.x.x.x)

27 Oct 2009 20:52 #5 by njh
Replied by njh on topic Cisco <> VPN IKE IDs
That's a pity. It is the field I had to use to another router and I was hoping it would work to the Cisco.

I don't have any other ideas. Can you reverse the direction of the tunnel or does it have the same problem? Also, is there anywhere on the Cisco where you can specify the Far ID?

2900Gi/v2.5.6; 2900/v2.5.6

27 Oct 2009 21:01 #6 by adrianmarsh
Replied by adrianmarsh on topic Cisco <> VPN IKE IDs
Ok - I managed to get it working.
Draytek as the receiver only
Cisco as the initiator.

On the latest firmware of the Cisco, there's a NAT-T under advanced

For my own records here are the settings:

Draytek:
default settings. All greyed out.
IPSEC general has the shared Key, AH, DES, 3DES, AES all checked.

Cisco:
Gateway-Gateway
IP Only on Local and Remote
IKE With preshared key
Phase1: 3DES, SHA1
Phase2: 3DES, SHA1
under Advanced: DPD and NAT Traversal ticked.

Tunnels up.
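
An added example, not part of the thread: a small Python check that pulls the peer-ID mismatch line out of the RV082 log quoted in the first post and flags the case where the declared ID is a private address while the required one is public, which is the NAT situation described here. The function and field names are assumptions made for illustration.

```python
import ipaddress
import re

# Log lines as quoted in the first post (Cisco RV082 VPN log).
SAMPLE_LOG = """\
Oct 27 17:00:01 2009 VPN Log Main mode peer ID is ID_IPV4_ADDR: '10.10.10.1'
Oct 27 17:00:01 2009 VPN Log We require peer to have ID '195.201.1.20', but peer declares '10.10.10.1'
"""

MISMATCH = re.compile(
    r"We require peer to have ID '(?P<expected>[^']+)', "
    r"but peer declares '(?P<declared>[^']+)'"
)


def _is_private_ip(value):
    """True if value parses as a private-range IP; False for FQDN or other IDs."""
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False


def find_id_mismatches(log_text):
    """Return one finding per IKE peer-ID mismatch line in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        expected, declared = m["expected"], m["declared"]
        findings.append({
            "expected": expected,
            "declared": declared,
            # A private declared ID against a public required ID means the peer
            # is sending its own interface address from behind a NAT device.
            "peer_behind_nat": _is_private_ip(declared)
            and not _is_private_ip(expected),
        })
    return findings


if __name__ == "__main__":
    for f in find_id_mismatches(SAMPLE_LOG):
        cause = "peer is behind NAT" if f["peer_behind_nat"] else "ID misconfigured"
        print(f"required {f['expected']}, declared {f['declared']}: {cause}")
```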