Site to site VPN won't go online

Question

Hi, 
 I'm currently facing a problem setting up a site to site VPN. It worked with our Sonicwall NSA 2400. With the new XG210-HA it doesn't go online. 
 Unfortunately the settings were changed as the old settings weren't secure enough after 6 years, so everything was set up from scratch. 
 Our XG connects to a UTM. We use IKEv2 and MainMode. AES256 with SHA512 and Group 16 MODP 4096 in phase 1. Same for phase 2. Encryption is done by RSA key. Settings on both sides have been double-checked. 
 
 All I ever see is

Any ideas? Thanks.

Jelle · Accepted Answer

Well, finally VPN is up and running! 
 The issue was that due to multiple WAN interfaces the corresponding firewall rule had a primary gateway set. This led to the situation that packets were routed to the interface instead to the ipsec connection inside the XG. 
 Thanks to dna from Sophos who looked at the configuration and was able to find this tiny but blocking configuration error

Aditya Patel · Answer

Hi Jelle, 
 Could you try with IPaddress such as 1.1.1.1 and 2.2.2.2 instead of DNS.