jj,
First i would start by verifying that you have a public ip address on both RVS4000 Wan interfaces. After this is verified then you want to make sure all ports are open and not being blocked by your ISP. you can do this by changing the remote management port on the firewall tab to the 4 ports that you need for IPsec tunneling. 443,500,4500,60443. If you are able remote manage your router on all four ports mark this site good for tunneling. Now repeat this process on site 2.
After verifying all port are opened on both sites.
Make sure Router 1 is on a different local subnet than router 2 , so if router 1= 192.168.1.1 (local) then change router 2 = 192.168.2.1 (local) after this is completed. You are ready to configure your IPsec tunnel.
If you have any previous tunnels i would delete and reconfigure.
Local security gateway - by IP address ( place your static public ip address)
Local security group - router 1 192.168.1.0 255.255.255.0
remote security gateway - bv IP address ( place your remote static public ip address)
remote secutit group - 192.168.2.0 255.255.255.0
Make sure phase 1 and phase 2 are exactly the same,
I like to disable PFS on both side of the tunnel.
pre share key (exactly the same)
Now save and connect, your tunnels should be up successfully now.
Thanks,
Jason Bryant
Cisco Support Engineer
.:|:.:|:.