<div dir="ltr"><div><div><div><div>To whom it may concern,<br></div>I've installed strongSwan for iOS on a server and have deployed its snapshot to another server. The problem is that my clients can't connect to one of them. I traced the logging process using "ipsec start --nofork --debug-all":<br>
13[IKE] received NAT-T (RFC 3947) vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID<br>
13[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID<br>13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>13[IKE] received XAuth vendor ID<br>13[IKE] received Cisco Unity vendor ID<br>13[IKE] received DPD vendor ID<br>
13[IKE] 217.218.83.90 is initiating a Main Mode IKE_SA<br>13[ENC] generating ID_PROT response 0 [ SA V V V ]<br>13[NET] sending packet: from 37.123.118.145[500] to 217.218.83.90[500] (136 bytes)<br>14[NET] received packet: from 217.218.83.90[500] to 37.123.118.145[500] (292 bytes)<br>
14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]<br>14[IKE] remote host is behind NAT<br>14[IKE] sending cert request for "C=US, O=VPNINTOUCH, CN=VPNINTOUCH CA"<br>14[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]<br>
14[NET] sending packet: from 37.123.118.145[500] to 217.218.83.90[500] (373 bytes)<br>06[JOB] deleting half open IKE_SA after timeout<br></div><br>And this is my ipsec.conf:<br>config setup<br>        # strictcrlpolicy=yes<br>
        # uniqueids = no<br>        plutostart=yes<br>        nat_traversal=yes<br># Add connections here.<br><br># Sample VPN connections<br><br>conn ios<br>        keyexchange=ikev1<br>        authby=xauthrsasig<br>        xauth=server<br>
        rightauth2=xauth-radius<br>        rightauth=pubkey<br>        left=%defaultroute<br>        eap_identity=110<br>        leftsubnet=0.0.0.0/0<br>        leftcert=serverCert.pem<br>        leftupdown="ipsec _updown"<br>
        right=%any<br>        rightsubnet=10.0.0.0/24<br>        rightsourceip=10.0.0.0/24<br>        rightcert=clientCert.pem<br>        pfs=no<br>        rekey=no<br>
        auto=add<br>        fragmentation=yes<br>        type=tunnel<br>        mediation=yes<br><br></div>Could you please help?<br></div>Regards,<br></div>