I have two sites that need a VPN tunnel between them. Site 1 has an F380 firewall and the ISP serving Site 1 issues static public IP addresses. Site 2 has a third party firewall and the ISP issues dynamic public IP addresses.
I know that with an IPSec / IKEv2 vpn tunnel, if I make Site 2 the caller, I can tell Site 1 that the caller has a dynamic public ip address and the tunnel will connect properly (this is done by specifying, in Site 1, that the IPSec / IKEv2 tunnel has a remote IP address of 0.0.0.0/0). This works, and works well, but I would prefer to have these VPN tunnels managed in GTI Editor. GTI Editor deals only in IPSec / IKEv1 and TINA. TINA is out since Site 2 is not a Barracuda NG firewall. I'm finding that IPSec / IKEv1 does not react well to specifying 0.0.0.0/0 as the remote gateway in Site 1, being unable to find a matching proposal being the gist of the error messages I get. The exact same IKEv1 config works if I specify the current IP address of Site 2 in Site 1's VPN tunnel definition.
Maybe this is a limitation of IKEv1 and there's no way to make it behave like IKEv2 and play nice with a dynamically addressed remote gateway. I wanted to put that exact question to this forum however. Can an IKEv1 / IPSec tunnel defined on an NG firewall be made to work as a passive tunnel / responder only, when the caller has dynamic IP addresses?
If the answer to that is no, are there any plans in the future to make GTI Editor compatible with IPSec / IKEv2?