I have an IPsec connection set up to a single peer but with 3 policies.
Remote Router IP: 10.40.0.101/30 192.168.40.101/30
Policies:
src: 10.40.0.100/30 dst: 10.40.0.0/24
src: 192.168.40.100/30 dst: 192.168.40.0/24
src: 10.40.0.101/30 dst: 10.0.0.0/8
I have many similarly configured routers all functioning well, but for some reason on one particular remote router, that last policy to dst 10.0.0.0 will, after a period of time, fail. When I look at the policy it simply says "no phase2". Manually disabling the policy and re-enabling it makes it work, but I can't figure out why it even fails to begin with.