DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

L2TP with IPSEC policy - 2920n-to-2920n

01 Aug 2015 10:20 #84014 by lowethca
I added this to the wrong section but can't move it or delete it from the wrong section! Any mods that can help please feel free to delete this duplicate in "installation and setup".

I have two Vigor 2920n units creating a LAN-to-LAN VPN.

I can configure a VPN using L2TP but the VPN will only connect when IPSEC policy is set to "None" or "Nice to have".

Both routers are running firmware 3.6.8.2 and I have configured the IKE PSK to be exactly the same on each unit and both are using 3DES or AES (AES preferred).

The networks are as follows:

Code:
Vigor 2920n (LAN-to-LAN Client) --> ISP1 modem (Non-NAT thus Draytek has public IP) ==> Internet <== ISP2 (NAT modem/router with Draytek in DMZ) <-- Vigor 2920n (LAN-to-LAN Server)


Note: both sites are static IPs through the ISP.

I have followed numerous guides (including those on Draytek site) for creating the LAN-to-LAN VPN but all I can deduce is that perhaps port UDP 500 is blocked somewhere (but the ISPs are business broadband packages and (they say) nothing is blocked because customers have site-to-site VPNs all over the place), there is something wrong with my IKE settings, or I've completely missed something...

I have even tried one of the 2920n's on my home Internet to try and rule out an ISP block - same problem. Obviously the problem may be on the ISP side of the unit I haven't tried on a different connection, but, as I said, both ends of the VPN are on business broadband packages and I wouldn't expect things like IPSEC and other VPN ports to be blocked...

Is there anything else I can test?

Additionally, and this will be a DNS issue, I can't communicate with the remote network using host names... IPs work fine. I have Windows Servers at both ends of the VPN so I'm guessing I configure the 1st and 2nd DNS addresses on each server?

Thaaaank you :)
