That would mean the Peer firewall is sending it's IP address as Local Identifier, however the question is if this is also defined on the certificate the Peer is using as that needs to match aswell.
So the Peers Certificate would need a SAN Attribute "IP Address" with it's IP.
Taking the original error and picking it piece by piece.
Peer's ID payload ' IPv4_address:xxx.xxx.xxx.xxx' does not match certificate ID, Error: failed to get subjectAltName.
It would seem that their side does have their Local ID Field and IP Field are filled with an IP address however the certificate they use doesn't seem to have a SAN at all, or a matching IP address SAN on the certificate.
Looking at the last bit my guestimate would be the second case.
Next step would be to verify if this is actually the case by either having them check the config or make a PCAP of the initial exchange to capture the certificate info (Depending on the Ike version and mode of connection (Main/aggressive)).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!