<div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yiv5787825964"><div id="yui_3_16_0_1_1417055742385_22398"><div id="yui_3_16_0_1_1417055742385_22397" style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div id="yiv5787825964"><div id="yiv5787825964yui_3_16_0_1_1417055742385_18893"><div id="yiv5787825964yui_3_16_0_1_1417055742385_18892" style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div id="yiv5787825964yui_3_16_0_1_1417055742385_17154">Bingo, add rightid=192.168.1.150 to both sides and it works like a champ.</div><div id="yiv5787825964yui_3_16_0_1_1417055742385_17155">Thanks a bunch!</div><br clear="none"><div class="yiv5787825964yahoo_quoted" id="yiv5787825964yui_3_16_0_1_1417055742385_16582" style="display: block;"><div id="yiv5787825964yui_3_16_0_1_1417055742385_16581" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div id="yiv5787825964yui_3_16_0_1_1417055742385_16580" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div id="yui_3_16_0_1_1417055742385_22585" class="yiv5787825964qtdSeparateBR"><br clear="none"><br clear="none"></div><div class="yiv5787825964yqt6742381966" id="yiv5787825964yqtfd55416"><div class="yiv5787825964yqt0493351771" id="yiv5787825964yqtfd39915"><div dir="ltr" id="yiv5787825964yui_3_16_0_1_1417055742385_16586"> <font id="yiv5787825964yui_3_16_0_1_1417055742385_16587" face="Arial" size="2"> On Tuesday, November 25, 2014 10:35 PM, Nick Howitt <nick@howitts.co.uk> wrote:<br clear="none"> </font> </div>You will probably have to set leftid or rightid to @your_public_ip
    for your PC B.<br clear="none"><div class="yiv5787825964y_msg_container" id="yiv5787825964yui_3_16_0_1_1417055742385_16579"><div id="yiv5787825964"><div id="yiv5787825964yui_3_16_0_1_1417055742385_16578">
    <br clear="none">
     Nick<br clear="none">
    <br clear="none">
    <div class="yiv5787825964yqt7715724508" id="yiv5787825964yqt81432"><div class="yiv5787825964moz-cite-prefix" id="yiv5787825964yui_3_16_0_1_1417055742385_16588">On 26/11/2014 00:28, Ted Victorio
      wrote:<br clear="none">
    </div>
    <blockquote id="yiv5787825964yui_3_16_0_1_1417055742385_16577" type="cite">
      <div id="yiv5787825964yui_3_16_0_1_1417055742385_16576" style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;">
        <div dir="ltr" id="yiv5787825964yui_3_16_0_1_1416960280967_4196">Hi Neal,<br class="yiv5787825964" style="" clear="none">
          No joy with 'forceencaps=yes' to either side or both.<br class="yiv5787825964" style="" clear="none">
          I removed DMZ setup for PC B and set router to forward UDP 500
          and 4500 for IPsec & NAT-T.<br class="yiv5787825964" style="" clear="none">
          Same ipsec.conf & ipsec.secrets. Again, the link initiates
          from 90.0.0.9-to--192.168.1.150 fine, but won't initiate in reverse.<br class="yiv5787825964" style="" clear="none">
          Thanks,<br class="yiv5787825964" style="" clear="none">
          <br class="yiv5787825964" style="" clear="none">
          Neal Murphy wrote:<br class="yiv5787825964" style="" clear="none">
          > As a guess, add 'forceencaps=yes' to B's config; that
          should force it to start <br class="yiv5787825964" style="" clear="none">
          > with NAT traversal.<br class="yiv5787825964" style="" clear="none">
          <br class="yiv5787825964" style="" clear="none">
          On Monday, November 24, 2014 01:35:35 AM Ted Victorio wrote:<br class="yiv5787825964" style="" clear="none">
          > Hello gurus,<br class="yiv5787825964" style="" clear="none">
          > <br class="yiv5787825964" style="" clear="none">
          > My IPsec link (90.0.0.9--192.168.1.150) works fine if PC
          A initiates "ipsec<br class="yiv5787825964" style="" clear="none">
          > auto --up A_to_B" However, if PC B initiates "ipsec auto
          --up B_to_A", the<br class="yiv5787825964" style="" clear="none">
          > handshake fails since the router converts main mode 1
          from 192.168.1.150<br class="yiv5787825964" style="" clear="none">
          > as if IPsec initiated from 90.0.0.3. Appreciate any
          suggestion to solve this.<br class="yiv5787825964" style="" clear="none">
          >Thank you,<br clear="none"></div></div></blockquote></div></div></div><br clear="none"></div>  </div></div></div><div class="yiv5787825964yqt0493351771" id="yiv5787825964yqtfd02452"><div class="yiv5787825964yqt6742381966" id="yiv5787825964yqtfd65737"> </div></div></div><div class="yiv5787825964yqt0493351771" id="yiv5787825964yqtfd10034"><div class="yiv5787825964yqt6742381966" id="yiv5787825964yqtfd55424">  </div></div></div><div class="yiv5787825964yqt0493351771" id="yiv5787825964yqtfd46005"><div class="yiv5787825964yqt6742381966" id="yiv5787825964yqtfd05530"> </div></div></div></div></div></div></div></div></div>