How to Configure IPSec VPN with Aggressive Mode between UTT Routers

Introduction
This document describes how to configure IPSec VPN between two UTT routers. A company’s head office uses AC750W-1 to connect to the Internet, and its branch office uses AC750W-2 to connect to the Internet. Now the company wants to securely connect the remote branch office to the head office through an IPSec VPN tunnel over the Internet.
 
Prerequisites
1. a UTT Business Router (hereinafter shorted as “the Router"), such as UTT router N518W, AC750W, AC750GW, AC1220GW, ER518, ER840G and ER4240G. Firmware Version: 3.0.0 or above
2. a PC/laptop connected to the Router wirelessly or through an Ethernet cable
 
Configuration
Network Diagram
 
1. Configuration on AC750W-1
Go to VPN > IPsec, click Add. Select Originate-Only Connection Type, configure the information of Remote, Local, and Security Options, keep Advanced Options as default, then click Save.
 
2. Configuration on AC750W-2
Go to VPN > IPsec, click Add. Select Answer-Only Connection Type, configure the information of Remote, Local, and Security Options, keep Advanced Options as default, then click Save.
 
3. The Status of IPSec VPN will show Established on both sides, and PC2’s IP address: 192.168.1.250 is able to ping on PC1.
 
Note
1. Can’t use the same LAN IP Address on both peers.
2. For VPN Connection Type,
Bidirectional: Static-to-Static IPSec VPN
Originate-Only: Dynamic-to-Static IPSec VPN
In this case, the local UTT VPN gateway can only act as an initiator, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.
Answer-Only: Static-to-Dynamic IPSec VPN
In this case, the local UTT VPN gateway can only act as a responder, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.