Andreas, I added that and it did not change anything. So, I asked for a debug from the Cisco side and the error was: Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2):No pre-shared key with 71.5.35.91! Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2): phase 1 SA policy not acceptable! (local 144.168.7.164 remote 71.5.36.91) This was an issue on there side, the PSK host was set incorrect. That was corrected, and I am now seeing that more data is passing between the two, but again, it does not pass past the Main Mode. The Cisco side is: 144.168.7.164 71.5.36.91 MM_SA_SETUP 81 0 Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2):SA authentication status: Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): authenticated Aug 6 19:45:01 UTC: IPSEC(validate_transform_proposal): proxy identities not supported Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): IPSec policy invalidated proposal Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): phase 2 SA policy not acceptable! (local 144.168.7.164 remote 65.203.61.17) The strongSwan side is the same. This appears to be where the Cisco is seeing my IP as different, but I don't know why it would. Any suggestions? Thanks Stuart
>>> On 8/6/2010 at 2:42 PM, Andreas Steffen <[email protected]> >>> wrote: Hello Stuart, could you add leftnexthop = %defaultroute Regards Andreas
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
