tunnel 11 {
allow-nat-networks disable
allow-public-networks disable
esp-group Our-Group-Their-Group-ESP
local {
prefix x.x.x.x/32
}
remote {
port 7007,9005 (seperate by comma? Space? Dash?)
prefix x.x.x.x/32
}
}
It would be "unusual" for an IPSec VPN tunnel to be configured on different ports. I would suggest confirming withthe other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.
This page indicates that the port statement is only used in conjunction with prefix", which would also suggest that it is used to define traffic rather than used for IKE.