VPN Adjustments to be more flexible with 4G Dynamic Peers.

Hi Guys,

First time posting, not sure if these have been previously mentioned.

We have been doing an increasing amount of work with 4G and dynamic addresses and have found a few limitations between other vendors.

Remote ID Name Resolution:
On the WatchGuard side in the Gateway Endpoint settings
-> Selecting By Domain Information for Remote ID
-> Choosing Domain Name

If I pick "Attempt to Resolve" it will resolve the correct IP address, but then it doesn't substitute the IP address for the ID that has been defined and so doesn't match.

Can you add a second check box to add the ability to substitute the FQDN for the IP once it has been resolved?

Related Support Case# 01310509

IKEv1 Dynamic - Main Mode:
Cisco Merakis only tend to work in Main mode, and when configuring IKEv1 there are no common settings available between these two units.

IKEv2 can alleviate this; however, the setting is not always possible.

Mixed IKEv1 Aggressive/Main Mode Across Different Interfaces/Secondary IPs:
When running multiple Dynamic IPSEC connections, we are constrained to the same settings across all configured Dynamic VPNs.

The constraint also affects other interfaces. If possible, it would be good to break out this restriction so that different interfaces can handle the different modes of IPSEC.

If possible, enable the L2TP VPN to be terminated on the WatchGuard but allow DHCP to be assigned by another device, or allow the same DHCP options to be assigned to the Virtual IP Address Pool.

Classless Static Routes Option 121 would be awesome here.




    +1 for L2TP DHCP options. Now we are WFH, it's causing SCCM issues with addresses changing frequently.

    WatchGuard M4600 (x2 Cluster)
    WatchGuard M640 (x2 Cluster)
    Firmware : 12.8

    edited October 2020

