I'm trying to get the IPsec tunnel working between Untangle at our branch office and Forefront TMG at our server host.

I set up the IPsec settings following the wiki and matched the pfSense settings (below). Everything looks like it's connecting properly. I see the connection on port 500 on Forefront TMG, but nothing is being routed from Untangle to Forefront. A tracert shows the packet just stopping at the Untangle gateway.

Phase I:
3DES
SHA1
DH Key 2 (1024)
28800

Phase II:
AES128 (Tried 3DES as well)
SHA1
DH Key 2
28800
ESP Checked


IPsec State (IPs and Keys edited out):
src Untangle_Ext_IP dst Forefront_Ext_IP
proto esp spi 0xc9e8b2a7 reqid 16385 mode tunnel
replay-window 32 flag 20
auth hmac(sha1) DELETED
enc cbc(aes) DELETED
src Forefront_Ext_IP dst Untangle_Ext_IP
proto esp spi 0x2e7bb365 reqid 16385 mode tunnel
replay-window 32 flag 20
auth hmac(sha1) DELETED
enc cbc(aes) DELETED

Under IPsec Policy:
src Forefront_Internal dst Untangle_Internal
dir in priority 2343
tmpl src Forefront_External dst Untangle_External
proto esp reqid 16385 mode tunnel
src Forefront_Internal dst Untangle_Internal
dir fwd priority 2343
tmpl src Forefront_External dst Untangle_External
proto esp reqid 16385 mode tunnel
src Untangle_Internal dst Forefront_Internal
dir out priority 2343
tmpl src Untangle_External dst Forefront_External
proto esp reqid 16385 mode tunnel



IPsec Log:
Here are the last lines of the connection logs:

Jul 3 08:38:48 Untangle pluto[22415]: "UT0_Forefront-TMG" #23: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 3 08:38:48 Untangle pluto[22415]: "UT0_Forefront-TMG" #23: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x61fd58c6 <0x8e8f8720 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Jul 3 08:38:48 Untangle pluto[22415]: "UT0_Forefront-TMG" #23: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Jul 3 08:38:48 Untangle pluto[22415]: "UT0_Forefront-TMG" #23: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
Jul 3 08:38:48 Untangle pluto[22415]: "UT0_Forefront-TMG" #23: sending encrypted notification INVALID_PAYLOAD_TYPE to Forefront_External_IP:500