I wanted to share my experience with SG3100 gateways in DAIP mode with 80.10.
In previous version 77.20 with 1100 edge gateways, we never had a problem with DAIP mode, but since we migrated to 80.10 and replace the 1100 with 3100, we really had hard times to make it work.
I spent hours on the phone with TAC, and we finally found a recipe.
The trick is to create a address range object to represent the private ip of the gateway WAN interface, witch in contrary of the public IP held by the ISP router witch may change, can be statically configured (or statically assigned by the ISP router DHCP). I will call this objet DAIP_GW_WAN_Private.
This object must be allowed in a policy rule to reach the management server(on its private and NATted public IP) on the ports FW1_ica_services, FW1_ica_pull and CPD.
Management server (on its private and NATted public IP) must be allowed in a policy rule to reach DAIP_GW_WAN_Private on port CPD_amon
For a meshed community, DAIP_GW_WAN_Private must be allowed in a policy rule to reach other gateways on port IKE and IKE_NAT_TRAVERSAL.
DAIP_GW_WAN_Private must be allowed in a policy rule to talk with VPN community central Gateway on port IKE and IKE_NAT_TRAVERSAL in both ways
In our meshed community, we didn't configured permanent tunels, because the tunnel-test packet doen't get trough, and thus we lost the smartview monitor information about tunnels.
Hope this will help.