We have a 150 locations that all have recently added and additional tunnel to a Cisco. The IPsec tunnel comes up and we can pass traffic but after an unknown length of time (lifetime?) the tunnels drop and will not renegotiate until we login to the Mikrotik and flush the SA’s. Any Ideas?
Make sure phase 2 lifetimes are matching on both ends. You can also study your IpSec debug logs and see if you can get any more information regarding the issue.
Also make sure you have dead peer detection on both sides and with similar rate.
While this does not solve the root cause of these errors, at least it will make the tunnels come back automatically.