After some searching here I've not found an answer so here's my scenario. Two sites, both with Comcast cable internet and dynamic IP addresses. Both sites have WRV200 routers. I've got ddns set up for both routers. Both routers are configured identically except that that one is 192.168.1.1 and the other is 192.168.2.1 and they obviously have different ddns names. No tunnel is being established. My configuration is listed below. __________________________________ Tunnel Entry: Tunnel A VPN Tunnel: Enabled Tunnel Name: XXX NAT-Traversal: Disabled Local Secure Group: Subnet IP 192.168.1.1 (192.168.2.1) Subnet 255.255.255.0 Remote Secure Group Subnet IP 192.168.2.1 (192.168.1.1) Subnet 255.255.255.0 Remote Secure Gateway FQDN XXX1.dnsalias.com (XXX2.dnsalias.com) Key Exchange Method: Auto (IKE) Operation Mode: Main ISAKMP Encryption Method: Auto ISAKMP Authentication Method: MD5 ISAKMP DH Group: Group 14: 2048-bits ISAKMP Key Lifetime (s): 28800 PFS: Enabled IPSec Encryption Method: Auto IPSec Authentication Method: MD5 IPSec DH Group: same as ISAKMP IPSec Key Lifetime: 3600 Pre-Shared Key: XXX111111 Dead Peer Detection selected Detection Delay(s): 30 Detection Timeout(s): 120 DPD Action: Recover Connection Global NAT-Traversal: Enabled Values in parentheses are for the second WRV200 so you can see the difference in the setup between the two. I'm stuck here and don't see why this isn't working. Any ideas?