TCP connections over IPSEC stop sending

Since going all RouterOS for our routing, I’ve encountered a strange problem with TCP connections over IPSEC.

We do large (e.g. 30GB) HTTP requests to a storage server (Solaris based) which go over the VPN to our other storage server.

However, the request keeps failing part way through - it times out and drops the TCP connection.

I’ve tried many things: tunnelled IPSEC, GRE tunnel over IPSEC transport mode.

A non-IPSEC connection works fine (e.g. SFTP) but we’d need to re-architect things to use this, so I’d rather get the VPN working as it should.

I thought I’d found a correlation between IPSEC re-keying and the drops, but I’m not entirely certain. However, it does seem to re-key more often than seems entirely necessary - e.g. every 20-30 mins, even after I’d set the timeout to 2 hours for phase 2.

I’ve made sure the clocks are synchronised, I’ve sniffed the traffic, and it just stops passing traffic for about 45 seconds then drops the TCP connection.

Any thoughts from anyone? I’ve been bashing my head against this for most of the past week!

edit:

Probably should have mentioned:

RouterOS 6.0, AH1100x2’s all round :) Tried 6.1, but IPSEC keeps dropping so a bit of a non-starter.

Thanks

Chris

For reference, and in case anyone else comes across this and wonders…

Turns out it was an issue with jumbo frames at the server end - disabling them appears to have sorted it :)