Hi all,
I used Greg Sowells guide for setting up the VPN from a Mikrotik to a Cisco and it is up and working.
The issue is that if I disconnect the VPN for any reason - the cisco router will not bring it back up again.
If I go to the Mikrotik end and ping a pc on the Cisco end, it comes up ok.
If I go to the Cisco end and ping a pc on the Mikrotik end, it won't come up.

Now I have found that if I reboot the Cisco and then ping a pc from that end to the mikrotik end it will come up.
But once it has been disconnected, it will not re-establish from that end.

Also if I establish the VPN from the Mikrotik end - then the VPN is fully up and running from both ends.

I have checked the logs on both ends.
The cisco end shows nothing in the logs when it is failing to connect and neither does the Mikrotik.
Any ideas on how to fix this ?
Any help would be appreciated.

Just found out one more thing, On the Cisco if I run the following command
clear crypto sa
Then the VPN will come up again from the Cisco end
this gets it going again but I need to fix this perminantly so any ideas let me know.

Yes, Cisco continues to use old SA, while MikroTik establishes new SA.
Set up DPD on both ends to solve the problem of tunnel not going up after link down. DPD will clear all installed-SA on both ends, after tunnel is not active.

Hi Sergejs,

Sorry to bring this really old post alive - but using DPD does not work. My Cisco <-> Mikrotik VPNs are still going down 3-100 times per day. All I can do is to flush all SA and then they might come back online. Sometimes I have to kill the connections completely, very frustrating.

Two things that I've done in my config seemed to have helped a lot with this issue.

1. Disable DPD on the Mikrotik
2. Make sure the Lifetime in IPsec Peer and IPsec Proposal match what's configured on the Cisco, in my case it's 08:00:00