<font face="arial,helvetica,sans-serif">Thanks,<br><br>I added rightid=PUBLIC_IP_ADDRESS and it seems to be working.<br></font>I also did &quot;ipsec auto --rereadsecrets&quot; because I put in new keys, but still the tunnel has failed to set up.<br>

<br>I am supposed to use DH group 2, so I figured I have to set modp1024, is that correct? <br>They told me to set it that way: ike phase 1<br><br>conn abc<br>        #General<br>        keyingtries=1<br>        auto=start<br>

        #IKE Params<br>        authby=secret<br>        keyexchange=ike<br>        ikelifetime=8h<br>        ike=aes256-sha1-modp1024<br>        #IPSec Params<br>        type=tunnel<br>        auth=esp<br>        pfs=yes<br>

        compress=no<br>        keylife=60m<br>        esp=aes256-sha1<br>        left=my-gw-ip<br>        leftsubnet=my-subnet<br>        leftnexthop=my-next-hop-ip<br>        rightid=public-ip<br>        right=remote-gw-ip<br>

        rightsubnet=some-remote-subnet<br>        rightnexthop=%defaultroute<br><br><div><br></div>Regards<br>Jakub<br>
<br><br><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Fri, 5 Oct 2012, Jakub Sobczak wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
003 &quot;company&quot; #5: we require peer to have ID &#39;PUBLIC_IP_ADDRESS&#39;, but peer declares &#39;PRIVATE_IP_ADDRESS&#39;<br>
</blockquote>
<br>
On the unit behind NAT, assuming in that config file they are &quot;left&quot;,<br>
add leftid=publicip.<br>
</blockquote></div><br>
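Added example (not part of the original thread and not Openswan code): a Python check that parses a conn section, confirms every ike= proposal uses the modp name of the required DH group, and extracts both IDs from the "we require peer to have ID" log message quoted above. The sample conn, the addresses and all function names are constructed for illustration.

```python
import re

# IKE MODP Diffie-Hellman group numbers and their ike= proposal names.
DH_GROUPS = {2: "modp1024", 5: "modp1536", 14: "modp2048", 15: "modp3072", 16: "modp4096"}
ID_MISMATCH = re.compile(r"we require peer to have ID '([^']+)', but peer declares '([^']+)'")

# Constructed sample input (documentation addresses, not values from the thread).
SAMPLE_CONN = """\
conn abc
        #IKE Params
        authby=secret
        ike=aes256-sha1-modp1024
        right=203.0.113.10
        rightid=203.0.113.10
"""
SAMPLE_LOG = [
    "003 \"company\" #5: we require peer to have ID '203.0.113.10', but peer declares '192.168.1.20'",
]

def parse_conn(text):
    """Return {option: value} for one conn section, skipping comments and the conn line."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def check_dh_group(opts, required_group):
    """True if every ike= proposal ends in the modp name of the required DH group."""
    want = DH_GROUPS[required_group]
    proposals = [p.strip() for p in opts.get("ike", "").split(",") if p.strip()]
    return bool(proposals) and all(re.split(r"[-;]", p)[-1] == want for p in proposals)

def peer_id_findings(opts, log_lines):
    """For each logged ID mismatch, record both IDs and whether rightid is the expected one."""
    findings = []
    for line in log_lines:
        m = ID_MISMATCH.search(line)
        if m:
            expected, declared = m.groups()
            findings.append({"expected": expected, "declared": declared,
                             "rightid_is_expected": opts.get("rightid") == expected})
    return findings

if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONN)
    print("DH group 2 proposed:", check_dh_group(conn, 2))
    for f in peer_id_findings(conn, SAMPLE_LOG):
        print("peer sent", f["declared"], "but", f["expected"], "is required")
```

When `rightid_is_expected` is true and the mismatch is still logged, the local side already expects the public address, so the remaining change is on the peer, as in the quoted leftid= advice.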