DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Draytek 2955 - L2TP vulnerability causing reboots?
16 Nov 2018 01:27 #93383
by hornbyp
The Main v. Aggressive mode choice is only to be found in a Dial-out site-to-site profile (advanced section) ... i.e. when the Vigor is acting as the initiator (or client as I put it earlier - probably not a good choice of phrase).
The exact algorithm it uses at the far end seems a bit airy-fairy to say the least (as to whether it matches the Global PSK, or looks for a match in an inbound profile). I've had it match a key set in a profile - even though the option to use it isn't ticked! (I've seen that on both the 2830 and the 2860).
I think that ticking "Specify Remote VPN Gateway" is the key setting, that makes it ignore the Global PSK and start considering the profile settings instead.
Replied by hornbyp on topic Re: Draytek 2955 - L2TP vulnerability causing reboots?
peter-h wrote: Does the global key do anything then? It would be weird to take note of the Main v. Aggressive mode config in the global IPSEC config, while ignoring the shared key which is entered in the same box.
- peter-h
- Topic Author
16 Nov 2018 09:51 #93386
by peter-h
Replied by peter-h on topic Re: Draytek 2955 - L2TP vulnerability causing reboots?
OK; I used a text string here
although perhaps entering the IP at the other end might have been more secure.
It appears that you can enter both... what would that do?