2006:11:30-21:44:11 (none) pluto[337]: added connection description "S_Astaro-X509_1"
2006:11:30-21:44:11 (none) pluto[337]: forgetting secrets
2006:11:30-21:44:11 (none) pluto[337]: loading secrets from "/etc/ipsec.secrets"
2006:11:30-21:44:11 (none) pluto[337]: loaded private key file '/etc/ipsec.d/private/Astaro-ClientAccess.pem' (3311 bytes)
2006:11:30-21:44:11 (none) pluto[337]: loaded private key file '/etc/ipsec.d/private/Astaro-ClientAccess.pem' (3311 bytes)
2006:11:30-21:44:11 (none) pluto[337]: Changing to directory '/etc/ipsec.d/cacerts'
2006:11:30-21:44:11 (none) pluto[337]: loaded CA cert file 'Astaro-Authority.pem' (2256 bytes)
2006:11:30-21:44:11 (none) pluto[337]: Could not change to directory '/etc/ipsec.d/aacerts'
2006:11:30-21:44:11 (none) pluto[337]: Could not change to directory '/etc/ipsec.d/ocspcerts'
2006:11:30-21:44:11 (none) pluto[337]: Changing to directory '/etc/ipsec.d/crls'
2006:11:30-21:44:11 (none) pluto[337]: Warning: empty directory
2006:11:30-21:52:11 (none) pluto[337]: packet from xxx.xxx.xxx.xxx:9653: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
2006:11:30-21:52:11 (none) pluto[337]: packet from xxx.xxx.xxx.xxx:9653: ignoring Vendor ID payload [FRAGMENTATION]
2006:11:30-21:52:11 (none) pluto[337]: packet from xxx.xxx.xxx.xxx:9653: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
2006:11:30-21:52:11 (none) pluto[337]: packet from xxx.xxx.xxx.xxx:9653: ignoring Vendor ID payload [Vid-Initial-Contact]
2006:11:30-21:52:11 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
2006:11:30-21:52:11 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2006:11:30-21:52:11 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: STATE_MAIN_R1: sent MR1, expecting MI2
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: STATE_MAIN_R2: sent MR2, expecting MI3
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: Main mode peer ID is ID_DER_ASN1_DN: <User Certificate>
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: no crl from issuer <SA Certificate>found (strict=no)
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: I am sending my cert
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
2006:11:30-21:52:12 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
2006:11:30-21:52:13 (none) pluto[337]: ERROR: asynchronous network error report on eth1 (sport=500) for message to xxx.xxx.xxx.xxx port 9653, complainant xxx.xxx.xxx.xxx: Message too long [errno 90, origin ICMP type 3 code 4 (not authenticated)]
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: responding to Quick Mode {msgid:da46bda6}
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
2006:11:30-21:52:13 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #4: STATE_QUICK_R2: IPsec SA established {ESP=>0x35966a6b <0x51c8ec95 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
2006:11:30-21:52:48 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: received Delete SA(0x35966a6b) payload: deleting IPSEC State #4
2006:11:30-21:52:48 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: received and ignored informational message
2006:11:30-21:52:48 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx #3: received Delete SA payload: deleting ISAKMP State #3
2006:11:30-21:52:48 (none) pluto[337]: "S_Astaro-X509_1"[1] xxx.xxx.xxx.xxx: deleting connection "S_Astaro-X509_1" instance with peer xxx.xxx.xxx.xxx {isakmp=#0/ipsec=#0}
2006:11:30-21:52:48 (none) pluto[337]: packet from xxx.xxx.xxx.xxx:9653: received and ignored informational message

At this point Windows XP SP2 client just hangs and says "Error 678: The remote computer did not respond."