IPsec phase 2 traffic selectors inacceptable



  • Hello!

    I have an IPsec tunnel (authentication via certificates) that goes up to phase 1, but when it tries to create the CHILD_SA, it tells me that the traffic selectors are unacceptable. This only occurs when I try to make my tunnel over Internet (I forward ports 500 and 4500 to my pfSenses), otherwise my configuration is fully operational when I put a router in the middle.

    Here is the schema: http://imgur.com/NYlqPoh
    And here is the log: http://imgur.com/J1QAG66

    Basicly the config is:

    • in phase 1, I put the Remote Gateway to the distant router public address

    • and in phase 2, the remote network is the LAN network of my pfSenses

    Can you help me??