The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
The strong mutual authentication of both peers is based on <b>EAP-TLS</b> only
(without a separate IKEv2 authentication), using TLS client and server certificates,
respectively.
<br>
The roadwarrior <b>dave</b> doesn't have the appropriate CA certificate installed
and, therefore, doesn't trust gateway <b>moon</b>'s certificate and rejects it.