Actually, thinking about this again, I see from "netstat -an" that isakmpd listens on all ports by default. Therefore needing to specify in isakmpd.conf should be unnecessary, no?
The precise errors I am seeing at present are:

    Default rsa_sig_decode_hash: no public key found
    Default dropped message from 10.0.0.2 port 500 due to notification type INVALID_ID_INFORMATION

I have reduced configs to minimal levels:

    ike esp from 10.0.0.2 to 10.0.0.1 local 10.0.0.1 peer 10.0.0.2 \
        psk *******

    ike esp from 10.0.0.1 to 10.0.0.2 local 10.0.0.2 peer 10.0.0.1 \
        psk *******

I can ping 10.0.0.2/10.0.0.1 from each other.

