[Openswan Users] stop after SA established
sasa
sasa at shoponweb.it
Wed Oct 12 21:24:22 CEST 2005
Hi, I have a problem with a site-to-site VPN with two endpoints, which are two static public IPs.
The authentication method that I have used is RSA key; on both endpoints I have generated the key in this way:
#ipsec newhostkey --output /etc/ipsec.secrets
..and my ipsec.conf is:
config setup
    # eth0 is the firewall's public interface
    interfaces="ipsec0=eth0"
    nat_traversal=yes

# default configuration
conn %default
    authby=rsasig

conn sedeprinsedesecond
    auto=start
    pfs=yes
    left=4.3.2.1
    leftsubnet=192.168.1.0/24
    leftnexthop=4.3.2.2
    leftrsasigkey=blablabla
    right=1.2.3.4
    rightsubnet=10.0.0.0/24
    rightnexthop=1.2.3.5
    rightrsasigkey=cccaaa

000 "sedeprinsedesecond": 192.168.1.0/24===4.3.2.1:4500---4.3.2.2...1.2.3.5---1.2.3.4:4500===10.0.0.0/24; prospective erouted; eroute owner: #0
000 "sedeprinsedesecond": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "sedeprinsedesecond": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "sedeprinsedesecond": newest ISAKMP SA: #1; newest IPsec SA: #0;
000 "sedeprinsedesecond": IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "sedeprinsedesecond": IKE algorithms found: 5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "sedeprinsedesecond": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "sedeprinsedesecond": ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "sedeprinsedesecond": ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000 #20: "sedeprinsedesecond" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s
000 #1: "sedeprinsedesecond" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1850s; newest ISAKMP
000
..where can the problem be?
thanks.
Salvatore.
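
Added example, not part of the original post: a small Python parser for status lines in the format quoted above, which reports how far IKE negotiation got for each connection (here: ISAKMP SA #1 established, IPsec SA still #0, Quick Mode retransmitting). The function names and verdict labels are assumptions made for illustration; the sample lines are copied from the output in the post.

```python
import re

# Sample input: three status lines copied from the output in the post above.
SAMPLE = '''\
000 "sedeprinsedesecond": newest ISAKMP SA: #1; newest IPsec SA: #0;
000 #20: "sedeprinsedesecond" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 2s
000 #1: "sedeprinsedesecond" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1850s; newest ISAKMP
'''

NEWEST = re.compile(r'^000 "([^"]+)":\s+newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+);')
STATE = re.compile(r'^000 #(\d+): "([^"]+)"\S* (STATE_\w+) \(([^)]*)\); (EVENT_\w+)')

def parse_status(text):
    """Return {conn: {"isakmp": n, "ipsec": n, "states": [(serial, state, event)]}}."""
    conns = {}
    for line in text.splitlines():
        m = NEWEST.match(line)
        if m:
            c = conns.setdefault(m.group(1), {"isakmp": 0, "ipsec": 0, "states": []})
            c["isakmp"], c["ipsec"] = int(m.group(2)), int(m.group(3))
            continue
        m = STATE.match(line)
        if m:
            c = conns.setdefault(m.group(2), {"isakmp": 0, "ipsec": 0, "states": []})
            c["states"].append((int(m.group(1)), m.group(3), m.group(5)))
    return conns

def diagnose(text):
    """Classify each connection by how far IKE negotiation got (labels are hypothetical)."""
    result = {}
    for name, c in parse_status(text).items():
        quick_pending = [s for s in c["states"]
                         if s[1].startswith("STATE_QUICK_") and s[2] == "EVENT_RETRANSMIT"]
        if c["isakmp"] and not c["ipsec"] and quick_pending:
            result[name] = "phase1-up-phase2-stalled"   # SA #0 means no IPsec SA yet
        elif c["isakmp"] and c["ipsec"]:
            result[name] = "tunnel-up"
        elif c["isakmp"]:
            result[name] = "phase1-only"
        else:
            result[name] = "no-sa"
    return result

if __name__ == "__main__":
    for conn, verdict in diagnose(SAMPLE).items():
        print(conn, verdict)
```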