<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-15">
<META content="MSHTML 6.00.2900.5945" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Andreas,</DIV>
<DIV> </DIV>
<DIV>I added that and it did not change anything.</DIV>
<DIV> </DIV>
<DIV>So, I asked for a debug from the Cisco side and the error was:</DIV>
<DIV> </DIV>
<DIV>Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2):No pre-shared key with 71.5.35.91!</DIV>
<DIV>Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2): phase 1 SA policy not acceptable! (local 144.168.7.164 remote 71.5.36.91)</DIV>
<DIV> </DIV>
<DIV>This was an issue on there side, the PSK host was set incorrect. That was corrected, and I am now seeing that more data is passing between the two, but again, it does not pass past the Main Mode. The Cisco side is:</DIV>
<DIV> </DIV>
<DIV>144.168.7.164 71.5.36.91 MM_SA_SETUP 81 0</DIV>
<DIV> </DIV>
<DIV>Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2):SA authentication status:</DIV>
<DIV>Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): authenticated</DIV>
<DIV>Aug 6 19:45:01 UTC: IPSEC(validate_transform_proposal): proxy identities not supported</DIV>
<DIV>Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): IPSec policy invalidated proposal</DIV>
<DIV>Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): phase 2 SA policy not acceptable! (local 144.168.7.164 remote 65.203.61.17)</DIV>
<DIV> </DIV>
<DIV>The strongSwan side is the same.</DIV>
<DIV> </DIV>
<DIV>This appears to be where the Cisco is seeing my IP as different, but I don't know why it would.</DIV>
<DIV> </DIV>
<DIV>Any suggestions?</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV> </DIV>
<DIV>Stuart <BR><BR><BR>>>> On 8/6/2010 at 2:42 PM, Andreas Steffen <andreas.steffen@strongswan.org> wrote:<BR></DIV>
<DIV style="PADDING-LEFT: 7px; MARGIN: 0px 0px 0px 15px; BORDER-LEFT: #050505 1px solid; BACKGROUND-COLOR: #f3f3f3">Hello Stuart,<BR><BR>could you add leftnexthop = Þfaultroute<BR><BR>Regards<BR><BR>Andreas<BR></DIV></BODY></HTML>