I have setup a link between offices and am using a draytek router we had and on the headoffice side I have a freebsd gateway.
I am getting this in the security log and no matter what I change on each end it ends up at this point - I have tried searching, but not come up with anything useful.
Any help appreciated.

[root@hydra rc.d]# racoon -F
Foreground mode.
2007-11-29 14:14:45: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
2007-11-29 14:14:45: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2007-11-29 14:14:45: INFO: a.a.a.a[500] used as isakmp port (fd=5)
2007-11-29 14:14:48: INFO: respond new phase 1 negotiation: a.a.a.a[500]<=>b.b.b.b[500]
2007-11-29 14:14:48: INFO: begin Identity Protection mode.
2007-11-29 14:14:51: WARNING: No ID match.
2007-11-29 14:14:51: INFO: ISAKMP-SA established a.a.a.a[500]-b.b.b.b[500] spi:a0d0e874ba5d2e17:cf6eb9380f6b7547
2007-11-29 14:14:52: INFO: respond new phase 2 negotiation: a.a.a.a[0]<=>b.b.b.b[0]
2007-11-29 14:14:52: INFO: no policy found, try to generate the policy : 192.168.2.0/24[0] 192.168.1.0/24[0] proto=any dir=in
2007-11-29 14:14:52: WARNING: trns_id mismatched: my:3DES peer:DES
2007-11-29 14:14:52: WARNING: trns_id mismatched: my:3DES peer:DES
2007-11-29 14:14:52: WARNING: trns_id mismatched: my:BLOWFISH peer:DES
2007-11-29 14:14:52: WARNING: trns_id mismatched: my:BLOWFISH peer:DES
2007-11-29 14:14:52: ERROR: not matched
2007-11-29 14:14:52: ERROR: no suitable policy found.
2007-11-29 14:14:52: ERROR: failed to pre-process packet.
2007-11-29 14:14:53: INFO: purging ISAKMP-SA spi=a0d0e874ba5d2e17:cf6eb9380f6b7547.
2007-11-29 14:14:53: INFO: purged ISAKMP-SA spi=a0d0e874ba5d2e17:cf6eb9380f6b7547.
2007-11-29 14:14:54: INFO: ISAKMP-SA deleted a.a.a.a[500]-b.b.b.b[500] spi:a0d0e874ba5d2e17:cf6eb9380f6b7547


My config

[root@hydra rc.d]# more /etc/setkey.conf
spdflush;
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
esp/tunnel/a.a.a.a-0.0.0.0/unique;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
esp/tunnel/0.0.0.0-a.a.a.a/unique;

[root@hydra rc.d]# more /usr/local/etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon_psk.txt" ;
#
listen
{
        isakmp a.a.a.a [500];
}
#
timer {
        phase1 60 seconds ;
        phase2 60 seconds ;
}
#
remote anonymous {
        exchange_mode main, aggressive, base ;
        doi ipsec_doi ;
        situation identity_only ;
        lifetime time 1 hour ;
           generate_policy on;
           passive on;
           my_identifier address a.a.a.a ;
        peers_identifier fqdn "b.b.b.b" ;
           proposal {
                   encryption_algorithm 3des;
                   hash_algorithm sha1;
                   authentication_method pre_shared_key;
                   dh_group modp1024;
           }
        proposal_check obey ;
}
#
sainfo anonymous {
        pfs_group modp1024;
        lifetime time 1 hour ;
        encryption_algorithm 3des, blowfish;
        authentication_algorithm hmac_sha1, hmac_md5;
           compression_algorithm deflate;
}