IPsec phase 2 traffic selectors inacceptable
I have an IPsec tunnel (authentication via certificates) that goes up to phase 1, but when it tries to create the CHILD_SA, it tells me that the traffic selectors are unacceptable. This only occurs when I try to make my tunnel over Internet (I forward ports 500 and 4500 to my pfSenses), otherwise my configuration is fully operational when I put a router in the middle.
Basicly the config is:
in phase 1, I put the Remote Gateway to the distant router public address
and in phase 2, the remote network is the LAN network of my pfSenses
Can you help me??