I'm having a problem getting my phase 1 of my IPSec tunnel to work. I have a Cisco 1721 router that is handling NAT. The NAT is translating a global IP from my firewall (Watchguard X700, acting as VPN server) to a local IP. If I try to connect to the VPN internally, no problem. Once I try to connect to the global IP, it starts to create the tunnel, but upon returning of the phase 1 info, I get an error stating that the IP address is invalid (what's happening is that I connect via the global IP, the firewall gets my connection, but returns the local IP. I get an error stating that my policy does not understand the local IP. Listed below is a copy of the log file for the firewall. Any ideas or assistance would be greatly apprecaited.
1-04: 10:47:35.843 This is a version of Mobile User VPN.
11-04: 10:47:35.921 Filter table loaded.
11-04: 10:47:36.625 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:36.625 My Connections\External VPN - Received message for non-active SA
11-04: 10:47:44.265
11-04: 10:47:44.265 My Connections\External VPN - Initiating IKE Phase 1 (IP ADDR=70.224.15.98)
11-04: 10:47:44.453 My Connections\External VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
11-04: 10:47:44.546 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:44.546 My Connections\External VPN - Peer is NAT-T draft-02 capable
11-04: 10:47:44.546 My Connections\External VPN - Peer supports Keepalive processing
11-04: 10:47:44.546 My Connections\External VPN - Keepalive processing enabled
11-04: 10:47:44.562 My Connections\External VPN - NAT is detected for Client and Peer
11-04: 10:47:44.562 My Connections\External VPN - Floating to IKE non-500 port
11-04: 10:47:44.609 My Connections\External VPN - Cannot match Phase 1 ID with Policy Entry: received ID IP ADDR=192.168.0.8
11-04: 10:47:44.609 My Connections\External VPN - SENDING>>>> ISAKMP OAK INFO (HASH, NOTIFY:INVALID_ID_INFO)
11-04: 10:47:44.609 My Connections\External VPN - Discarding IKE SA negotiation
11-04: 10:47:44.609 MY COOKIE ad 2f 1f cb a6 65 5d a
11-04: 10:47:44.609 HIS COOKIE 1 b5 93 75 9d bb 80 e
11-04: 10:47:56.296 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:56.296 My Connections\External VPN - Received message for non-active SA
1-04: 10:47:35.843 This is a version of Mobile User VPN.
11-04: 10:47:35.921 Filter table loaded.
11-04: 10:47:36.625 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:36.625 My Connections\External VPN - Received message for non-active SA
11-04: 10:47:44.265
11-04: 10:47:44.265 My Connections\External VPN - Initiating IKE Phase 1 (IP ADDR=70.224.15.98)
11-04: 10:47:44.453 My Connections\External VPN - SENDING>>>> ISAKMP OAK AG (SA, KE, NON, ID, VID 6x)
11-04: 10:47:44.546 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:44.546 My Connections\External VPN - Peer is NAT-T draft-02 capable
11-04: 10:47:44.546 My Connections\External VPN - Peer supports Keepalive processing
11-04: 10:47:44.546 My Connections\External VPN - Keepalive processing enabled
11-04: 10:47:44.562 My Connections\External VPN - NAT is detected for Client and Peer
11-04: 10:47:44.562 My Connections\External VPN - Floating to IKE non-500 port
11-04: 10:47:44.609 My Connections\External VPN - Cannot match Phase 1 ID with Policy Entry: received ID IP ADDR=192.168.0.8
11-04: 10:47:44.609 My Connections\External VPN - SENDING>>>> ISAKMP OAK INFO (HASH, NOTIFY:INVALID_ID_INFO)
11-04: 10:47:44.609 My Connections\External VPN - Discarding IKE SA negotiation
11-04: 10:47:44.609 MY COOKIE ad 2f 1f cb a6 65 5d a
11-04: 10:47:44.609 HIS COOKIE 1 b5 93 75 9d bb 80 e
11-04: 10:47:56.296 My Connections\External VPN - RECEIVED<<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID 3x, NAT-D 2x)
11-04: 10:47:56.296 My Connections\External VPN - Received message for non-active SA