SonicOS provides IKEv2 Dynamic Client Support, which provides a way to configure the Internet Key Exchange (IKE) attributes globally rather than configure these IKE Proposal settings on an individual policy basis. This scenario could be used while one site has dynamic WAN IP address.
On the other site, "IPSec Primary Gateway Name or Address" in the VPN policy General tab will be filled in "0.0.0.0" or left blank.
Configuration on the Central Office (Static WAN IP address)
Creating Address Object for remote Site
Configuring a VPN Policy
General tab
NOTE: Since the Remote WAN IP address changes frequently, it is recommended to use the 0.0.0.0 IP address as the Primary Gateway.
Network tab
Proposals tab
NOTE:The menu "DH Group", "Encryption" and "Authentication" will be gray-out since "IPSec Primary Gateway Name or Address" in General tab is filled in "0.0.0.0" or leaved blank. And they will be configured in step (Configuring the IKEv2 Dynamic Client Proposal, below).
Advanced tab
Configuring the IKEv2 Dynamic Client Proposal:
Configuration on the remote location (Dynamic WAN IP address)
Network Configuration
Creating Address Object for remote site
Configuration VPN Policy
General tab
Network tab
Proposals tab
Advanced tab
How to Test: From the remote location try to ping an IP address on the central location
NOTE: Before receiving successful replies, you might see couple of “Request Timed Out“ messages while the VPN tunnel is still establishing.