So I have 1 HO, and 2 branches and previously these devices were on 6.43.12 and connected from the individual branch to the HO via IPSec VPN. Had almost no issues for a long time but with occasional hiccups. Today I upgraded all the devices to 6.45.1.
Here is what I did and what happened:
1) Upgraded firmware from 6.43.12 to 6.45.1
2) Disabled the scheduler object that ran a script to resolve DDNS names and fill in the resulting IP addresses into SA-SRC-ADDRESS and SA-DST-ADDRESS
3) Tunnels stayed open for a bit but then dropped.
4) All IPSec windows showed the peer column as "unknown" in all policies (HO and Branches). I went into each policy object and just applied it to get it to update, and the unknown changed to the DDNS name of the relevant peer.
5) HO Router IPSec shows "no phase2" for both policies
6) Branch Routers IPSec shows either "no phase2" or "msg1 sent"
7) Checking the branch routers' IPSec Policy Status tab shows SA Src. Address as 0.0.0.0. The HO router shows the same, SA Src. Address 0.0.0.0.
8) Logs show "failed to pre-process ph2 packet" or "peer sent packet for dead phase2" on all routers.
I am sure there is no issue with the firmware, but I think with the way they changed the IPSec, something is misconfigured. Any idea what is missing?