IPSec Site-to-site issues

Hi all,

I am having some difficulty with site-to-site IPsec tunnels between several different devices.

I have an RB2011UiAS (in the 'head office') as my VPN concentrator (if you will). Connected to this via IPsec, I have 4 offices:

  1. Office #1 has an RB750GL (running v6.28)
  2. Office #2 has an RB2011iL-RM (running v6.28)
  3. Office #3 has a NetGear DGND3700
  4. Office #4 has a Cisco ASA 5505

The only one that seems to be stable is #4; the other 3 offices seem to have issues after a period of time. When they initially connect after rebooting the head office RB2011UiAS, they all come online and behave as normal; however, after a period of time (unsure as to exactly how long yet - might be when they rekey?) all 3 stop passing traffic.

I have been monitoring the 'Installed SAs' and noticed that, when it stops working, the byte counter for all traffic destined for the head office router has stopped incrementing, but the counter for all traffic sourced from the head office router is still incrementing.

Has anyone else encountered this issue? I have been trying to resolve it for quite a while now. I have the correct source NAT configuration on all devices, and the tunnels do work and will pass traffic if I reboot the VPN concentrator.

It's almost like it's not mapping SPIs correctly, but neither a flush nor killing all remote peers resolves the issue.

Please help! :)

Thank you