Hallo Matthew, experts said, that the Phase1 Negotiation can be a problem for using main mode with certificates. Do you have tested your gateways for main mode with certs also? The most only use your ShreWSoft VPN Client with aggressive mode + preshard keys or xauth. Greetings Dietmar