I have USG200 at Office location and USG200 at home location, both running on Version 3.0. At office, I have dynamic WAN with DDNS of office.freedns.com (values changed). At home, I have dynamic PPPoE with DDNS of home.freedns.com (values changed). I have IPSec configured with static address and it is working perfectly. The problem is my home WAN IP changes irregularly and every time it changes I lose connection to office. So I thought of implementing IPSec using DNS as then I do not have to worry about changing IPs.
I have tried to do many combinations of VPN Gateway and VPN connections in Zywall where I have tried to input the DNS as Local ID and Peer ID under Advanced Settings of VPN Gateway. But most of the time when I hit connect, it shows an error
"CLI Number: 0 Error Number: -16015 Error Message: 'Dial a dynamic tunnel has failed for Crypto map.'"
And when it does take the configuration, it does not connect when I hit connect. At first I thought it might be a DNS issue where Zywall wasn’t able to resolve the DNS, but through the CLI I was able to resolve the DNS names to their IPs.
isakmp policy Office
  activate
  local-ip interface wan2_ppp
  peer-ip x.x.x.x 0.0.0.0
  authentication rsa-sig
  encrypted-keystring key
  local-id type fqdn home.freedns.com
  peer-id type any
  fall-back-check-interval 300
  lifetime 86400
  mode main
  group1
  transform-set des-md5
  xauth type server default deactivate
  certificate Cert
!
crypto map Office_IPSec
  adjust-mss auto
  activate
  ipsec-isakmp Office
  scenario site-to-site-static
  encapsulation tunnel
  transform-set esp-aes256-sha256
  set security-association lifetime seconds 86400
  set pfs none
  local-policy Subnet1
  remote-policy Subnet2
  no conn-check
  activate
!
I am looking for a solution which will take DNS as peer ID type so I do not have to rely on manually changing IP when PPPoE IP changes.
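The root cause described in the post is a tunnel pinned to a peer address that a dynamic WAN silently changes underneath. Added example, not from the post or from ZyXEL: a small Python check that parses the `isakmp policy` block in the layout of the `show running-config` output above, pulls out the configured `peer-ip` and `local-id`, and compares the pinned address with what the peer's DDNS name currently resolves to, so an operator can see a stale peer address before the next failed dial. The configuration text is a constructed stand-in with a placeholder address, the function names `parse_isakmp_policies` and `peer_ip_status` are my own, and the resolver is injectable so the script runs offline (pass `socket.gethostbyname` to query real DNS).

```python
"""Detect a stale static peer-ip in a ZyWALL isakmp policy by comparing it with
the current A record of the peer's DDNS name.

Added example (not the poster's or ZyXEL's code). The config below is a
constructed sample in the layout of the post's running-config dump, with a
placeholder peer address; office.freedns.com stands in for the DDNS name.
"""
import re
import socket
from typing import Callable, Dict

# Constructed sample config (placeholder address from the documentation range).
SAMPLE_CONFIG = """\
isakmp policy Office
  activate
  local-ip interface wan2_ppp
  peer-ip 203.0.113.10 0.0.0.0
  authentication rsa-sig
  local-id type fqdn home.freedns.com
  peer-id type any
  mode main
!
crypto map Office_IPSec
  ipsec-isakmp Office
  scenario site-to-site-static
!
"""


def parse_isakmp_policies(config: str) -> Dict[str, Dict[str, str]]:
    """Return {policy_name: {field: value}} for every 'isakmp policy' block.

    Only the fields relevant to peer addressing are extracted; a block ends
    at the '!' separator, and lines outside a block are ignored.
    """
    policies: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        head = re.match(r"^isakmp policy (\S+)$", line)
        if head:
            current = {}
            policies[head.group(1)] = current
            continue
        if line == "!" or current is None:
            current = None
            continue
        m = re.match(r"^peer-ip (\S+) (\S+)$", line)
        if m:
            current["peer_ip"], current["peer_ip_secondary"] = m.group(1), m.group(2)
            continue
        m = re.match(r"^(local-id|peer-id) type (\S+)(?: (\S+))?$", line)
        if m:
            key = m.group(1).replace("-", "_")  # local_id / peer_id
            current[key + "_type"] = m.group(2)
            if m.group(3):
                current[key] = m.group(3)
    return policies


def peer_ip_status(policy: Dict[str, str], ddns_name: str,
                   resolve: Callable[[str], str] = socket.gethostbyname) -> str:
    """Classify the configured peer-ip against the DDNS name's current address.

    Returns 'dynamic' when no address is pinned, 'unresolved' when the name
    cannot be looked up, 'current' when the pinned address matches, and
    'stale' when the peer has moved and the tunnel will fail to dial.
    """
    configured = policy.get("peer_ip")
    if configured in (None, "0.0.0.0"):
        return "dynamic"
    try:
        current = resolve(ddns_name)
    except OSError:
        return "unresolved"
    return "current" if current == configured else "stale"


if __name__ == "__main__":
    # Offline run with a fake resolver that pretends the office WAN moved.
    policies = parse_isakmp_policies(SAMPLE_CONFIG)
    office = policies["Office"]
    print("local-id:", office.get("local_id"), "peer-ip:", office.get("peer_ip"))
    print("status:", peer_ip_status(office, "office.freedns.com",
                                    resolve=lambda name: "203.0.113.99"))
```

Run periodically from a host on either LAN; a result of `stale` means the pinned `peer-ip` no longer matches the DDNS record, which is exactly the condition under which a `site-to-site-static` crypto map stops connecting.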