Both servers are directly connected to the Internet so NAT should not be enabled. I've tried to upgrade again and noticed that pluto keeps dying and restarting every 30 seconds (just enough for the other VPNs to connect).

Here is the log from the old (working) openswan version when connecting to Cisco VPN:

Mar 10 10:00:09 firewall pluto[18894]: added connection description "ciscovpntest"
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: initiating Main Mode
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: received Vendor ID payload [Cisco-Unity]
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: received Vendor ID payload [XAUTH]
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: ignoring unknown Vendor ID payload [9bad1e05974f138cfc1f0c2b58144a88]
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: ignoring Vendor ID payload [Cisco VPN 3000 Series]
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: I will NOT send an initial contact payload
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: Not sending INITIAL_CONTACT
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 10 10:00:11 firewall pluto[18894]: "ciscovpntest" #2: received Vendor ID payload [Dead Peer Detection]
Mar 10 10:00:11 firewall pluto[18894]: "ciscovpntest" #2: Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
Mar 10 10:00:11 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4

The openswan-2.6.32-27.2.el6_5 (not working) log:

Mar 10 09:57:54 firewall pluto[17287]: added connection description "ciscovpntest"
Mar 10 09:57:55 firewall pluto[17287]: "ciscovpntest" #2: initiating Main Mode
Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05
Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: next payload type of ISAKMP NAT-D Payload has an unknown value: 130
Mar 10 09:58:04 firewall pluto[17287]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1
Mar 10 09:58:05 firewall pluto[17287]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1
Mar 10 09:58:13 firewall pluto[17287]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1
Mar 10 09:58:25 firewall pluto[17287]: "ciscovpntest" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 10 09:58:25 firewall pluto[17287]: "ciscovpntest" #2: ignoring Vendor ID payload [FRAGMENTATION c0000000]
Mar 10 09:58:25 firewall pluto[17287]: "ciscovpntest" #2: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05
Mar 10 09:58:25 firewall pluto[17287]: "ciscovpntest" #2: ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112: st->st_sec_in_use==FALSE

and after 30 seconds pluto restarts.

To me this looks like a regression. Where should I report this problem? CentOS or Red Hat Bugzilla?

Radu
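Added example, not part of the message above and not openswan code: a small Python triage script that summarises pluto syslog lines per daemon PID, so the working and failing runs can be compared by the furthest Main Mode state reached and the error markers seen. The function name triage and the report fields are hypothetical; the sample lines are excerpted from the two logs in the message.

```python
import re
from collections import defaultdict

# Matches pluto syslog lines of the form shown in the message, e.g.
#   Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: <message>
LINE = re.compile(r'pluto\[(?P<pid>\d+)\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
TRANSITION = re.compile(r'transition from state (\S+) to state (\S+)')

# Excerpt of the two logs quoted in the message (18894 = old build, 17287 = new build).
SAMPLE = [
    'Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: initiating Main Mode',
    'Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2',
    'Mar 10 10:00:10 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3',
    'Mar 10 10:00:11 firewall pluto[18894]: "ciscovpntest" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4',
    'Mar 10 09:57:55 firewall pluto[17287]: "ciscovpntest" #2: initiating Main Mode',
    'Mar 10 09:57:56 firewall pluto[17287]: "ciscovpntest" #2: next payload type of ISAKMP NAT-D Payload has an unknown value: 130',
    'Mar 10 09:58:04 firewall pluto[17287]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1',
    'Mar 10 09:58:05 firewall pluto[17287]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1',
    'Mar 10 09:58:25 firewall pluto[17287]: "ciscovpntest" #2: ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112: st->st_sec_in_use==FALSE',
]

def triage(lines):
    """Per pluto PID: last Main Mode state reached plus error markers seen."""
    report = defaultdict(lambda: {"state": None, "duplicates": 0,
                                  "bad_payload": False, "assertion": None})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        entry, msg = report[m["pid"]], m["msg"]
        t = TRANSITION.search(msg)
        if t:
            entry["state"] = t.group(2)        # state the exchange moved to
        elif msg.startswith("initiating Main Mode"):
            entry["state"] = "STATE_MAIN_I1"   # initiator starts in I1
        elif "discarding duplicate packet" in msg:
            entry["duplicates"] += 1           # peer retransmitting, no progress
        elif "has an unknown value" in msg:
            entry["bad_payload"] = True        # payload chain rejected by the parser
        elif msg.startswith("ASSERTION FAILED"):
            entry["assertion"] = msg           # daemon abort, keep file:line for the bug report
    return dict(report)

if __name__ == "__main__":
    for pid, summary in triage(SAMPLE).items():
        print(pid, summary)
```
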