AWS 和 Cisco 之间的站点到站点 (IpSec) 不起作用

我正在尝试在 AWS 和 Cisco ASA 之间建立站点到站点 VPN 连接，但隧道状态显示为“关闭”，详细信息部分下的消息为“IPSEC 已关闭”。请参阅以下隧道日志：

AWS tunnel is the IKE_SA initiator
AWS tunnel is sending request (id=0) for IKE_SA_INIT exchange
sending packet: from < tunnel ip> [UDP 500] to <CGW> [UDP 500] (304 bytes)
received packet: from <CGW> [UDP 500] to <tunnel ip> [UDP 500] (499 bytes)
AWS tunnel processed response (id=0) for IKE_SA_INIT exchange
AWS tunnel has selected proposals for Phase 1 SA
AWS tunnel detected NAT-T as enabled on local host and is sending keep-alive(s)
AWS tunnel detected NAT-T behind CGW / remote host
AWS tunnel is establishing Phase 2 CHILD_SA for CGW
AWS tunnel is sending request (id=1) for IKE_AUTH exchange
sending packet: from < tunnel ip> [UDP 4500] to <CGW> [UDP 4500] (256 bytes)
received packet: from <CGW> [UDP 4500] to < tunnel ip> [UDP 4500] (160 bytes)
AWS tunnel processed response (id=1) for IKE_AUTH exchange
AWS tunnel has successfully authenticated pre-shared key
ending packet: from < tunnel ip> [UDP 4500] to <CGW> [UDP 4500] (80 byte

并且相同的日志不断出现。

AWS 支持团队已通知我们身份检查失败，但我们不确定如何验证这一点。客户建议启用“ipsecovernatt”。我们该如何处理？此外，我们想知道在 AWS 端应该进行哪些更改，以便隧道日志中的“nat_t_detected”值为真

这是来自 Cisco ASA 端的日志 show vpn-sessiondb l2l

Index        : 16777                  IP Addr      : ****
Protocol     : IKEv2
Encryption   : IKEv2: (1)AES256       Hashing      : IKEv2: (1)SHA256
Bytes Tx     : 0                      Bytes Rx     : 0
Login Time   : 14:25:01  Tue Jun 27 2023
Duration     : 0h:00m:19s

客户端表示 AWS 端未启用 IPsecOverNatT，因此 IPSec 隧道无法启动