Okay. So I haven't resolved the above, but I've now added a 10 Second NetWatch to Azure. On Down state I've added -

:log info "IPSEC Down"
:ip ipsec installed-sa flush

This kills the connection and it re-establishes immediately. Seems okay as an immediate workaround.

Just wanted say great work getting this feature going. I've successfully configured a route-based IPSEC IKEv2 VPN to Azure and it's generally working very well, except that I get occasional drops. The log reports - IPSEC ERROR Payload Missing: ID_R The link then continues to report as established, b...