I try to set up Cisco 850 router behind the nat and allow clients to create VPN tunnels to it. I get the following error on IKE phase 2:
ISAKMP:(2022): IPSec policy invalidated proposal with error 1024
What does it means and how to fix it?
What I know for sure (tested):
1. Connection is made without problems when NAT is removed betweem server and client
2. Connection is made without problems when Client (not Server) is behind the NAT
3. Client is NAT-T capable (Windows XP SP2. I turned on this feature in the registry as described in Cisco and Microsoft manuals)
4. It does't matter if I forward ports (UDP 500 and UDP 4500) or make Server in DMZ. So it's not port problem.