Ipsec and Amazon EC2

I have an RB750GL running MikroTik 6.10. Before this firmware it was 5.7, with the same problem.
An IPsec tunnel is set up to Amazon EC2.
Several times a day the connection drops; the only thing that helps is clearing the Installed SAs.
Can this be fixed somehow, or is it a feature of IPsec on MikroTik?
One could make a script that cleans the certificates when the connection is broken, but the machines on Amazon are turned off and there is nothing to ping.

What's the destination firewall manufacturer? I have issues between MikroTik and Microsoft ISA: it just stops communicating and I have to reset the peer to make it work again. Note that ALL vendors have IPSEC issues connecting to other vendors because some follow the RFC standard and some don't.

You could add the following to your scripts and then set the scheduler to run it every hour.
/ip ipsec remote-peers kill-connections

We use this workaround:

Script: dmz-monitor-ipsec-peer-and-flush-installed-sa

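# Host behind the tunnel that should always answer ping
:local IPWatchServer 10.0.1.1
# Interface the test pings are sent from
:local OutInterface ether1-lan
# /ping returns the number of replies; fewer than 3 of 4 counts as tunnel down
:if ([/ping $IPWatchServer interface=$OutInterface count=4] < 3) do={
    /ip ipsec installed-sa flush sa-type=all
    :log info "IPSEC tunnel with DMZ is down: Flushing Installed SA !!!"
} else={
    :log info "IPSEC tunnel with DMZ is OK !"
}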

And we run it every minute.