Hi Vikas,
Many thanks for reply.
Yes, I have working DialUP VPN using shrew and it is IKEv1.
This is what I see in logs during failed connection attempt:
2017-04-27T11:27:27.978319+02:00 firewall: NetScreen firewall [Root]system-information-00536: IKE A.B.C.D Phase 1: Responder starts AGGRESSIVE mode negotiations. (2017-04-27 11:27:27)
2017-04-27T11:27:27.978399+02:00 firewall: NetScreen firewall [Root]system-information-00536: IKE A.B.C.D phase 1:The symmetric crypto key has been generated successfully. (2017-04-27 11:27:27)
2017-04-27T11:27:31.093460+02:00 firewall: NetScreen firewall [Root]system-information-00536: IKE A.B.C.D Phase 1: Responder starts AGGRESSIVE mode negotiations. (2017-04-27 11:27:30)
2017-04-27T11:27:31.093460+02:00 firewall: NetScreen firewall [Root]system-information-00536: IKE A.B.C.D phase 1:The symmetric crypto key has been generated successfully. (2017-04-27 11:27:30)
2017-04-27T11:27:31.206171+02:00 firewall: NetScreen firewall [Root]system-information-00536: Rejected an IKE packet on ethernet0/9 from A.B.C.D:37049 to W.X.Y.Z:4500 with cookies 858ce27d53a5c903 and 06e9ca642833dad8 because The peer sent a packet with a message ID before Phase 1 authentication was done. (2017-04-27 11:27:30)
I will try with the strong swan as you have suggested and let you know.
Thanks,
Mathias