History
Original I had a Draytek 2600/2800 on a fixed public IP that connected to 2 Draytek 2600 that were both dynamic public IPS. The dynamic routers both have registered DNS names to enable them to be located. These where all L2TP IPSEC VPNS. I originaly had issues starting the vpns from the dynamic public IP side, but eventually resolved this by using Aggressive mode IKE and Peer ID's.

Problem
I've had to swap the 2600/2800 router for a 2820 as it died (old 2600 is held as backup). Now no matter what i try i cannot get the dynamic router to connect to the 2820 on the fixed public IP.

Has anyone experieced this problem and now how to resolve it?[/b]

You should not need aggressive mode or peer ID's to set it up. You will also find it easier to have the routers on dynamic IP's calling the router on the fixed IP. Re-connect times are quicker if the dynamic IP's change as you do not have to wait for DNS records to propagate through the DNS system.

Having said that, it is possibly a tad more secure to have the fixed IP end call the dynamic IP end.

Where are you putting the PSK in the 2820 for the dynamic end to make a connection. It should not go in the LAN-LAN profile, but in the IPSec General set up.

Hi, VPNs are set to call direction "both". I'm entering the PSK in the LAN-LAN profile like did when i had a 2600/2800.

Don't i need to specify a peer id as i cannot specify the ip as its dynamic?

Hi, i tried what you suggested but it did not work. I also tried using the current public IP (instead of using a peer id) of the dynamic end and was very surprised when it did not work. I then tried PPTP followed by IPSEC Tunnel both of which worked first time without any problems.

I don't understand why i cannot get L2TP with IPSec Policy working? I'm going to go and gather some logs next.

I'm not sure what the benefits of L2TP/IPSec over IPSec with a strong PSK. I would (and do) just stick with IPSec. I do not use peer ID's - aren't they for aggressive mode? Peer VPN IP's don't work if the other end has a dynamic IP, but they should work if the other end has a static IP. If you do use them (and you can on your remote 2600's), then on the 2600's you put the PSK in the Dial-in settings and it can be different from the one in IPSec General Settings. You cannot use them on your 2820.

Hi

same problem here.
two 2820's one on static IP one on Dynamic.

I can get a VPN up using PPTP or IPSEC : dialing in from dynamic to fixed.

But L2TP with IPSEC - just refuses to work.

any ideas anyone?

My IT dept assures me L2TP with IPSEC should work and cant undestand why it wont.

The Dynamic Router is in Canada - the static IP router in the UK