Thread: Help with IPSEC
Old 11th December 2016
jggimi
For clarity, I will recreate your ipsec.conf configuration file wrapped in [code] and [/code] tags.
Code:
ike esp from 200.200.10.10 to 200.200.20.20 \
main auth hmac-md5 enc 3des \
quick auth hmac-md5 enc 3des \
psk 1q2w3e

You are only establishing an IPSec Security Association ("SA") between the two gateways, and at their local subnet addresses, not at their addresses on the Internet. Perhaps you misunderstood the examples in the Zero to IPSec in 4 minutes article I linked to in post #2 above. Let me restate their example configuration. The two gateway devices each support a local subnet. One gateway routes traffic for 10.1.1.0/24, the other gateway routes traffic for 10.2.2.0/24:
Code:
{10.1.1.0/24} - [IPSec gateway] - 1.2.3.4 {internet}

{internet} - 5.6.7.8 [IPSec gateway] - {10.2.2.0/24}

And here is an example ipsec.conf configuration from that article.
Code:
ike esp from 10.1.1.0/24 to 10.2.2.0/24 peer 5.6.7.8
ike esp from 1.2.3.4 to 10.2.2.0/24 peer 5.6.7.8
ike esp from 1.2.3.4 to 5.6.7.8

  1. The first line establishes an SA between the two subnets, and uses the peer parameter to define the remote gateway.
  2. The second line establishes an SA between the local gateway and the remote subnet, also using the peer parameter to define the remote gateway.
  3. The third line establishes an SA between the two gateways.

Last edited by jggimi; 11th December 2016 at 05:05 PM. Reason: typos, clarity
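As an added check, not code from jggimi's post or from the article, here is a small Python parser for the `ike esp from ... to ... peer ...` lines quoted above, plus a lookup that reports which flows would carry a packet between a given source and destination. The sample configurations are constructed from the lines in the post; the host addresses 10.1.1.5 and 10.2.2.7 are assumed hosts behind the two gateways.

```python
import ipaddress
import re

# Constructed sample: the three-flow example quoted from the article.
FULL_MESH = """
ike esp from 10.1.1.0/24 to 10.2.2.0/24 peer 5.6.7.8
ike esp from 1.2.3.4 to 10.2.2.0/24 peer 5.6.7.8
ike esp from 1.2.3.4 to 5.6.7.8
"""

# Constructed sample: the gateway-only flow shape from the original poster's
# ipsec.conf (backslash line continuations included, as posted).
GATEWAY_ONLY = """
ike esp from 200.200.10.10 to 200.200.20.20 \\
main auth hmac-md5 enc 3des \\
quick auth hmac-md5 enc 3des \\
psk 1q2w3e
"""

# Only the from/to/peer fields are modelled; other keywords are ignored.
FLOW_RE = re.compile(r"^ike\s+esp\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+peer\s+(\S+))?")


def parse_flows(text):
    """Return (src_net, dst_net, peer) for each 'ike esp from ... to ...' rule.

    Backslash-continued lines are joined first so a rule split across lines
    is still read as one rule. Bare addresses become /32 networks.
    """
    joined = text.replace("\\\n", " ")
    flows = []
    for line in joined.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        src, dst, peer = m.groups()
        flows.append((ipaddress.ip_network(src, strict=False),
                      ipaddress.ip_network(dst, strict=False), peer))
    return flows


def covered_by(flows, src_ip, dst_ip):
    """Flows whose from/to selectors match src_ip -> dst_ip; empty means no SA."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return [f for f in flows if s in f[0] and d in f[1]]


if __name__ == "__main__":
    for name, cfg in (("article example", FULL_MESH), ("poster's config", GATEWAY_ONLY)):
        hits = covered_by(parse_flows(cfg), "10.1.1.5", "10.2.2.7")
        print(f"{name}: LAN-to-LAN traffic matched by {len(hits)} flow(s)")
```

Run it and the article's three-flow configuration matches the LAN-to-LAN pair once, while the gateway-only configuration matches it not at all, which is the point the post makes.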