I have recently come across some interesting IPsec behavior when modifying one of our Hub routers in our current VPN topology. When adding dynamic entries for sites that are now acquiring dynamic addresses (changing from time to time), I used ISAKMP Profiles that referenced keyrings for both the Dynamic L2L and the Remote Access entries. After that, any globally defined pre-shared keys being used for previously configured static sites seemed to be overlooked as the router was performing peer authentication, and those sites could never fully develop a Phase 1 connection. I had to use ISAKMP Profiles with nested keyrings for each of these sites to enable them to pass Main Mode. I was just curious if anyone else has experienced something similar.
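The workaround described in the post, sketched as an IOS configuration fragment for one static site. This is an added example, not the poster's configuration; the keyring, profile, crypto map, transform-set and ACL names, the 192.0.2.10 peer address and the key placeholder are all assumptions.

```cisco
! Constructed example. All names, addresses and keys are placeholders.
!
! Before: the static site relied on a globally defined pre-shared key.
!   crypto isakmp key <site1-psk> address 192.0.2.10
!
! After: the same key moves into a keyring scoped to that peer.
no crypto isakmp key <site1-psk> address 192.0.2.10
!
crypto keyring KR-SITE1
 pre-shared-key address 192.0.2.10 key <site1-psk>
!
! The ISAKMP profile matches the peer's identity and points at the keyring,
! so the key lookup for this peer no longer depends on the global key list.
crypto isakmp profile ISA-SITE1
 keyring KR-SITE1
 match identity address 192.0.2.10 255.255.255.255
!
! Bind the profile to the static site's existing crypto map entry.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set isakmp-profile ISA-SITE1
 set transform-set TS-SITE1
 match address ACL-SITE1
!
! Check that Phase 1 now completes for the peer:
!   show crypto isakmp sa
```

A peer that completes Main Mode shows up in `show crypto isakmp sa` in the `QM_IDLE` state.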