hi all,
i have XG310 at HO and also i have around 11 branches that want to use XG115 as firewall. to make all branches and HO are connected we decided to use IPSec tunnel,
but the problem is all my branches are using dynamic IP address. i have tried to create multiple IPSec configuration on HO for each branches. but only one branch is working the rest still down till now. do you all have any suggestion regarding to my problem ?
thanks all
Hello Bram,
In this case, I would recommend setting the XG 115s with Gateway Type Initiate tunnel, then in the XG 310 set it to Gateway Type Respond Only for each IPsec.
Additionally to this, in the XG 310 for each IPsec tunnel in the Option for Remote Gateway instead of an IP address you can type "*", as in the screenshot below
Make sure the IPsec Policies matches between each IPSec connection
And in the XG 115 as the Gateway Type is set to Initiate for the Dead Gateway Detection (In the IPsec Policy) set it to Re-initiate.
Basically follow this rule for DGD
When Site-to-Site VPN if XG is set to Gateway Type
Respond only = DPD should be Disconnect
Initiate the connection = Re-initiate
Hello Bram,
In this case, I would recommend setting the XG 115s with Gateway Type Initiate tunnel, then in the XG 310 set it to Gateway Type Respond Only for each IPsec.
Additionally to this, in the XG 310 for each IPsec tunnel in the Option for Remote Gateway instead of an IP address you can type "*", as in the screenshot below
Make sure the IPsec Policies matches between each IPSec connection
And in the XG 115 as the Gateway Type is set to Initiate for the Dead Gateway Detection (In the IPsec Policy) set it to Re-initiate.
Basically follow this rule for DGD
When Site-to-Site VPN if XG is set to Gateway Type
Respond only = DPD should be Disconnect
Initiate the connection = Re-initiate
