For those that have been scratching their heads, I’m posting a solution to a problem I had which took me a little over a week to figure out, crawling multiple Google searches and every page of this forum.
A simple site-to-site VPN as given in any example, such as:
set vpn ipsec
edit vpn ipsec
set ipsec-interfaces
edit ipsec-interfaces
set interface eth0
set ike-group IKE
edit ike-group IKE
set lifetime 7200
set ike-group IKE proposal 1
edit ike-group IKE proposal 1
set encryption 3des
set hash md5
set dh-group 2
set esp-group ESP
edit esp-group ESP
set lifetime 1800
set compression disable (NOT ENABLE)
set esp-group ESP proposal 1
edit esp-group ESP proposal 1
set encryption 3des
set hash md5
set site-to-site
edit site-to-site
set peer 220.127.116.11
edit peer 18.104.22.168
set authentication pre-shared-secret teddy
set ike-group IKE
set local-ip 22.214.171.124
set tunnel 1
edit tunnel 1
set local-subnet 10.200.0.0/16
set remote-subnet 10.250.0.0/16
set esp-group ESP
If you’ve configured your firewall rules correctly (I was unsure, as mine are designed with zone-policy), the one setting which causes this all to fall apart is: set vpn ipsec esp-group compression enable.
For some reason the compression setting does not work.
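
As an added example (not part of the original post): a small Python check that reads a configuration exported as full-path set commands and lists each ESP group with compression enabled, together with the peers and tunnels that reference it. The export format, the function name and the sample lines are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in full-path "set" form (an assumption about the export
# format); addresses are documentation placeholders, not values from the post.
SAMPLE = """\
set vpn ipsec esp-group ESP compression 'enable'
set vpn ipsec esp-group ESP lifetime '1800'
set vpn ipsec esp-group ESP-OK compression 'disable'
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 esp-group 'ESP'
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 2 esp-group 'ESP-OK'
set vpn ipsec site-to-site peer 198.51.100.7 tunnel 1 esp-group 'ESP'
"""


def find_compressed_tunnels(config_text):
    """Return {esp_group: [(peer, tunnel), ...]} for groups with compression enable."""
    compression = {}  # esp-group name -> last compression value seen
    users = {}        # esp-group name -> [(peer, tunnel id), ...]
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)  # also strips the quotes around values
        except ValueError:
            continue  # unbalanced quotes: not a line this check understands
        if tok[:3] != ["set", "vpn", "ipsec"]:
            continue
        path = tok[3:]
        # esp-group <name> compression <enable|disable>
        if len(path) == 4 and path[0] == "esp-group" and path[2] == "compression":
            compression[path[1]] = path[3]
        # site-to-site peer <peer> tunnel <id> esp-group <name>
        elif (len(path) == 7 and path[:2] == ["site-to-site", "peer"]
              and path[3] == "tunnel" and path[5] == "esp-group"):
            users.setdefault(path[6], []).append((path[2], path[4]))
    return {
        group: sorted(users.get(group, []))
        for group, value in sorted(compression.items())
        if value == "enable"
    }


if __name__ == "__main__":
    for group, tunnels in find_compressed_tunnels(SAMPLE).items():
        print(f"esp-group {group}: compression enable")
        for peer, tunnel in tunnels:
            print(f"  used by peer {peer} tunnel {tunnel}")
```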