ricardo_aybar
New Contributor

==>[SOLVED]<== Site-to-Site VPN (IPsec) between FG (AWS) and Netgate SG-1100 (PfSense)

==>[SOLVED]<== Hey guys, I have a problem with a VPN between a FortiGate (AWS) and a pfSense (Netgate SG-1100) at home. The VPN was working, but after I rebuilt the FortiGate, the VPN is not working anymore. I'm getting this error in the pfSense:

"16[IKE] <bypasslan|957> IKE_SA bypasslan[957] state change: CONNECTING => DESTROYING"

I've tried different encryptions, hashes, IKE versions and modes with no success.

Here is the information for both devices (configuration screenshots, log files, and "debug ike -1" results): https://drive.google.com/drive/folders/14DUkGRDEo21XYyEsRUvis79-1RT7az0S?usp=sharing

After debugging, I noticed both devices are behind NAT. I know that if the remote peer is behind NAT I have to use a dialup connection, but I was able to make it work for two weeks with no issue (site-to-site VPN).

Regarding the pfSense, I have two rules allowing the 4500 and 500 UDP/TCP ports. But, I haven't

I've been working on this issue for two weeks with no success.

Thank you beforehand for your help!

Solution: In this case it is not matching at phase 1 because the FortiGate is sending its internal IP as its identifier and I had the connection set to use 'Peer IP address' in my pfSense. Either set pfSense to use as remote identifier: IP Address 172.31.11.165, or set the FortiGate to use its actual external IP as the identifier.
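As an added illustration of the phase 1 identifier mismatch described in the solution (example code, not from the original post or from either vendor): a small Python model that decodes an IKEv2 IDi payload (RFC 7296 format) and applies a pfSense-style peer identifier check. The NAT public address 203.0.113.10 is a constructed placeholder; 172.31.11.165 is the FortiGate's internal IP from the post.

```python
import ipaddress
import struct

# IKEv2 Identification payload ID types (RFC 7296, section 3.5).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 11: "ID_KEY_ID"}


def build_id_payload(id_type, data, next_payload=0):
    """Encode an IDi/IDr payload: 4-byte generic header, ID type, 3 reserved bytes, data."""
    return struct.pack("!BBHB3x", next_payload, 0, 8 + len(data), id_type) + data


def parse_id_payload(raw):
    """Decode an IDi/IDr payload into (type name, printable identity)."""
    _next, _flags, length, id_type = struct.unpack("!BBHB", raw[:5])
    if length != len(raw) or length < 8:
        raise ValueError("bad IKEv2 ID payload length")
    data, name = raw[8:], ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if id_type == 1:
        return name, str(ipaddress.IPv4Address(data))
    if id_type == 5:
        return name, str(ipaddress.IPv6Address(data))
    if id_type in (2, 3):
        return name, data.decode("ascii")
    return name, data.hex()


def peer_id_accepted(policy, raw_id_payload, packet_src_ip):
    """pfSense-style 'Peer identifier' check: ("peer_ip",) compares the sent ID against the
    packet's source address (the NAT address when the peer is behind NAT);
    ("ip", addr) / ("fqdn", name) compare against an explicitly configured identifier."""
    id_type, value = parse_id_payload(raw_id_payload)
    if policy[0] == "peer_ip":
        return id_type == "ID_IPV4_ADDR" and value == packet_src_ip
    if policy[0] == "ip":
        return id_type == "ID_IPV4_ADDR" and value == policy[1]
    if policy[0] == "fqdn":
        return id_type == "ID_FQDN" and value == policy[1]
    return False


# Constructed sample: the FortiGate sits behind AWS NAT, so the IKE packet arrives from the
# placeholder public address 203.0.113.10 while IDi still carries its private 172.31.11.165.
NAT_PUBLIC_IP = "203.0.113.10"
IDI_PRIVATE = build_id_payload(1, ipaddress.IPv4Address("172.31.11.165").packed)
IDI_PUBLIC = build_id_payload(1, ipaddress.IPv4Address(NAT_PUBLIC_IP).packed)


def scenarios():
    """The failing setup from the post and the two fixes named in the solution."""
    return {
        "as_reported": peer_id_accepted(("peer_ip",), IDI_PRIVATE, NAT_PUBLIC_IP),
        "fix_pfsense_side": peer_id_accepted(("ip", "172.31.11.165"), IDI_PRIVATE, NAT_PUBLIC_IP),
        "fix_fortigate_side": peer_id_accepted(("peer_ip",), IDI_PUBLIC, NAT_PUBLIC_IP),
    }
```

Running `scenarios()` returns False for the reported configuration and True for both fixes, which is the mismatch strongSwan reports as CONNECTING => DESTROYING before any phase 2 negotiation.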