Since mindwise is active again here I've got a nice question I think. Ofcourse I'm happy with anybody else's answer to!
A collegue of mine configured a VPN between his home and his hoby site, let's name it baywatch.
Both side SSG5/20 running 6.1r2.
Baywatchside has ADSL with Nating and portforwarding everything to firewall. Homeside is Cable so public IP on firewall.
VPN was configured ok, routebased with nat traversal enabled.
VPN's didn't come up. I debugged. Saw on home side messages with no user defined for VPN. Strange ofcourse because both side used static IP as auth. method. I debuged ike and saw the correct IP was comming in but not matched in config. Disabling NAT traversal resulted in the VPN comming up from baywatch to home. Not otherway around.
So enbled monitoring with rekey on BW side and VPN works.
But I can't explain the behaviour! Might ba a bug I think!
Who can explain this?