DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Infuriating IPSEC 2820 ---> 2800

30 Nov 2010 15:58 #1 by tbis
Infuriating IPSEC 2820 ---> 2800 was created by tbis
Hi,

Any advice would be appreciated on this - been driving me mad for a while!

I recently had to reset a 2820 router back to defaults and decided to upgrade the firmware before I manually reprogrammed the settings back in from the file notes I keep. It wasn't a complicated setup and therefore wouldn't take long.

The router's main function was to act as the connecting gateway for several other LANs around the country, however, try as I might, I cannot get it to reconnect to the branch routers using IPSEC as it was set up prior to the reset. I can connect immediately without problems using PPTP, and am beginning to suspect some sort of fault or firmware issue on the 2820.

All the branches use a 2800 router on an ADSL connection.

2820 Firmware 3.3.4_232201
2800 Firmware 2.8.2

Dial Out VPN Settings (2820)

RemoteAccess Control - PPTP/IPSEC/L2TP Enabled

IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected

Profile is enabled, dial out is always on.

Type of server - IPSEC Tunnel

Correct External IP address of router is entered.

IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)

WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0

RIP Disabled
From First Subnet - ROUTE

Dial In VPN Settings (2800)

RemoteAccess Control - PPTP/IPSEC/L2TP Enabled

IPSEC General Setup - PSK has been entered, Medium(AH), DES, 3DES and AES all selected

Profile is enabled, dial in, timeout 300 seconds.

Allowed Dial in Type - IPSEC Tunnel

Remote Gateway - correct IP address of initiating gateway

IKE Authentication - IKE PSK entered
IPSec Security - Medium (AH)

WAN IP 0.0.0.0
Remote Gateway 0.0.0.0
Remote network - correctly entered
Subnet Mask 255.255.255.0

RIP Disabled
For NAT operation Treat Remote Subnet as - Private IP

Using the syslog I can see the 2820 initiating the call to the remote site (Dialing node 4 : IPAddress, then Initiating IKE Aggressive Mode), and at the remote site I can see the call coming in, but the connection is never made. It doesn't seem to matter whether I use Medium or High encryption, and even if I specify the types of encryption for Main and Aggressive mode, the connection is still never made.

I've never had this issue before when using Drayteks for the past 10 years or so, hence why I suspect the 2820 is at fault. Anyone have any ideas or (sensible) suggestions?

Cheers

30 Nov 2010 19:13 #2 by tbis
Replied by tbis on topic Infuriating IPSEC 2820 ---> 2800
Further information on this - I've tried setting the VPN up as Branch to Main (2800 - 2820) using IPSEC and still no joy.

Think I'm going to take out the 2820 tomorrow and replace it with a 2910 to see if it will work with a different model.

PPTP works immediately still ......... ho hum.

:-(
