Friday, June 19, 2020

StrongSwan and phase 2 (PaloAlto)

Hi friends

I have Linux Ubuntu Trusty here, with strongswan 5.1.2 installed in it.

This is the ipsec.conf:

config setup
       charondebug="all"
       uniqueids=yes
       strictcrlpolicy=no

conn BOT
     keyexchange=ikev1
     ikelifetime=28800s
     keylife=28800s
     ike=aes-sha1-modp1024,aes128
     esp=aes-sha1
     xauth=client
     left=yyy
     leftid=%any
     leftsubnet=left-subnet
     leftsourceip=%modeconfig
     leftauth=psk
     rightauth=psk
     right=xxx
     rightsubnet=right-subnet
     auto=start

The ipsec.secrets has this format:

left_ip right_ip : PSK "mypassword"

When I use ipsec start, I get this in /var/log/syslog:

Jun 19 09:41:22 servidor charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-170-generic, x86_64)
Jun 19 09:41:22 servidor charon: 00[CFG] disabling load-tester plugin, not configured
Jun 19 09:41:22 servidor charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Jun 19 09:41:22 servidor charon: 00[CFG] dnscert plugin is disabled
Jun 19 09:41:22 servidor charon: 00[CFG] ipseckey plugin is disabled
Jun 19 09:41:22 servidor charon: 00[CFG] attr-sql plugin: database URI not set
Jun 19 09:41:22 servidor charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 19 09:41:22 servidor charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 19 09:41:22 servidor charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 19 09:41:22 servidor charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 19 09:41:22 servidor charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 19 09:41:22 servidor charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 19 09:41:22 servidor charon: 00[CFG]   loaded IKE secret for xxx yyy
Jun 19 09:41:22 servidor charon: 00[CFG] sql plugin: database URI not set
Jun 19 09:41:22 servidor charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jun 19 09:41:22 servidor charon: 00[CFG] eap-simaka-sql database URI missing
Jun 19 09:41:22 servidor charon: 00[CFG] loaded 0 RADIUS server configurations
Jun 19 09:41:22 servidor charon: 00[TNC] MAP server certificate not defined
Jun 19 09:41:22 servidor charon: 00[TNC] TNC recommendation policy is 'default'
Jun 19 09:41:22 servidor charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Jun 19 09:41:22 servidor charon: 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
Jun 19 09:41:22 servidor charon: 00[CFG] missing PDP server name, PDP disabled
Jun 19 09:41:22 servidor charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Jun 19 09:41:22 servidor charon: 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
Jun 19 09:41:22 servidor charon: 00[CFG] no threshold configured for systime-fix, disabled
Jun 19 09:41:22 servidor charon: 00[CFG] coupling file path unspecified
Jun 19 09:41:22 servidor charon: 00[LIB] loaded plugins: charon test-vectors curl soup unbound ldap mysql sqlite pkcs11 aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm ntru attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led duplicheck radattr addrblock unity
Jun 19 09:41:22 servidor charon: 00[LIB] unable to load 17 plugin features (9 due to unmet dependencies)
Jun 19 09:41:22 servidor charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 19 09:41:22 servidor charon: 00[JOB] spawning 16 worker threads
Jun 19 09:41:22 servidor charon: 06[CFG] received stroke: add connection 'BOT'
Jun 19 09:41:22 servidor charon: 06[CFG] added configuration 'BOT'
Jun 19 09:41:22 servidor charon: 08[CFG] received stroke: initiate 'BOT'
Jun 19 09:41:22 servidor charon: 08[IKE] initiating Main Mode IKE_SA BOT[1] to xxx
Jun 19 09:41:22 servidor charon: 08[ENC] generating ID_PROT request 0 [ SA V V V V ]
Jun 19 09:41:22 servidor charon: 08[NET] sending packet: from xxx[500] to yyy[500] (216 bytes)
Jun 19 09:41:22 servidor charon: 09[NET] received packet: from yyy[500] to xxx[500] (136 bytes)
Jun 19 09:41:22 servidor charon: 09[ENC] parsed ID_PROT response 0 [ SA V V V ]
Jun 19 09:41:22 servidor charon: 09[IKE] received XAuth vendor ID
Jun 19 09:41:22 servidor charon: 09[IKE] received DPD vendor ID
Jun 19 09:41:22 servidor charon: 09[ENC] received unknown vendor ID: a9:b9:b1:03:4f:7e:50:a2:51:3b:47:b1:00:bb:85:a9
Jun 19 09:41:22 servidor charon: 09[ENC] generating ID_PROT request 0 [ KE No ]
Jun 19 09:41:22 servidor charon: 09[NET] sending packet: from xxx[500] to yyy[500] (196 bytes)
Jun 19 09:41:22 servidor charon: 10[NET] received packet: from yyy[500] to xxx[500] (180 bytes)
Jun 19 09:41:22 servidor charon: 10[ENC] parsed ID_PROT response 0 [ KE No ]
Jun 19 09:41:22 servidor charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
Jun 19 09:41:22 servidor charon: 10[NET] sending packet: from xxx[500] to yyy[500] (76 bytes)
Jun 19 09:41:22 servidor charon: 11[NET] received packet: from yyy[500] to xxx[500] (76 bytes)
Jun 19 09:41:22 servidor charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
Jun 19 09:41:22 servidor charon: 11[IKE] IKE_SA BOT[1] established between xxx[xxx]...yyy[yyy]
Jun 19 09:41:22 servidor charon: 11[IKE] scheduling reauthentication in 28251s
Jun 19 09:41:22 servidor charon: 11[IKE] maximum IKE_SA lifetime 28791s

ipsec status results:

ipsec status
Security Associations (1 up, 0 connecting):
        BOT[1]: ESTABLISHED 21 minutes ago, xxx[xxx]...yyy[yyy]

So, apparently it is connected, but the other side signals that phase 2 never took place.

I wonder if there's some misconfiguration in ipsec.conf.

Thanks a lot
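As an added example (not part of the post above), a small checker that walks a charon syslog excerpt like the one quoted and reports how far an IKEv1 negotiation got: Main Mode, the XAuth/mode-config TRANSACTION exchange, Quick Mode and the final CHILD_SA. It assumes the standard charon message wording for those events ("generating TRANSACTION request", "generating QUICK_MODE request", "CHILD_SA ... established with SPIs"); the sample log is constructed from the post's lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: the relevant charon lines from the post (addresses kept as xxx/yyy).
SAMPLE_LOG = """\
Jun 19 09:41:22 servidor charon: 08[IKE] initiating Main Mode IKE_SA BOT[1] to xxx
Jun 19 09:41:22 servidor charon: 09[IKE] received XAuth vendor ID
Jun 19 09:41:22 servidor charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
Jun 19 09:41:22 servidor charon: 11[IKE] IKE_SA BOT[1] established between xxx[xxx]...yyy[yyy]
Jun 19 09:41:22 servidor charon: 11[IKE] scheduling reauthentication in 28251s
"""

# charon log line: "<syslog prefix> charon: <thread>[<group>] <message>"
LINE_RE = re.compile(r"charon: \d+\[(?P<grp>[A-Z]+)\] (?P<msg>.*)$")

@dataclass
class IkeV1Progress:
    main_mode_started: bool = False
    ike_sa_established: bool = False   # phase 1 done
    peer_offers_xauth: bool = False    # peer sent the XAuth vendor ID
    transaction_seen: bool = False     # ISAKMP TRANSACTION exchange (XAuth / mode config)
    quick_mode_seen: bool = False      # phase 2 negotiation attempted
    child_sa_established: bool = False # phase 2 done

def analyse(log_text: str) -> IkeV1Progress:
    """Scan charon messages in order and record which IKEv1 milestones appeared."""
    p = IkeV1Progress()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a charon line (other syslog noise)
        msg = m.group("msg")
        if "initiating Main Mode IKE_SA" in msg:
            p.main_mode_started = True
        elif msg.startswith("IKE_SA") and "established between" in msg:
            p.ike_sa_established = True
        elif "received XAuth vendor ID" in msg:
            p.peer_offers_xauth = True
        elif "TRANSACTION" in msg:
            p.transaction_seen = True
        elif "QUICK_MODE" in msg:
            p.quick_mode_seen = True
        elif msg.startswith("CHILD_SA") and "established with SPIs" in msg:
            p.child_sa_established = True
    return p

def diagnose(p: IkeV1Progress) -> str:
    """Turn the recorded milestones into a one-line statement of where negotiation stopped."""
    if not p.ike_sa_established:
        return "phase 1 (Main Mode) did not complete"
    if not p.quick_mode_seen:
        if not p.transaction_seen:
            return "phase 1 up, but no TRANSACTION (XAuth/mode config) and no QUICK_MODE followed"
        return "phase 1 and TRANSACTION done, but Quick Mode was never attempted"
    if not p.child_sa_established:
        return "Quick Mode attempted but no CHILD_SA established: compare esp= proposal and subnets"
    return "phase 2 established"
```

Running it on the quoted log confirms what the PaloAlto side reports: the IKE_SA is up and nothing after it, so the daemon never moved past phase 1.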
