Give the forum more time, most IPSEC experts are the busy ones around here with real jobs and family lives probably so......patience is a key, and the more they see you making an effort and learning, the more apt they are to help and the more likely you understand what they are saying. Dont give up yet!!
Often the problem is lack of or miscommunication and that is why I implore that we have standards on the forum, alas I am a lone voice LOL.
-
Let us understand the full breadth of requirements so a proper config can be discussed.
a. identify all the user(s)/device(s) including the admin, external/internal etc.
b. identify all the traffic they require to pass successfully. -
Provide a detailed network diagram
-
Provide details on ISP connection(s), static/dynamic public/private, type etc........
-
Provide details on ISP usage if multi-wan (primary/failover,LB, which users/subnets have to go out certain WANS, any incoming on particular wans for lan servers etc..)
-
Full copy of config after every set of changes so the latest facts can be used to move forward.
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys etc.)