Hi Everyone,

I am running a gateway with R80.20 take 118 and MDS with R80.30 take 140. Since last week I started receiving complaints for VPN users that their traffic is not working. We have route based VPN and mobile access blade as well. 

Last week issue was for route based VPN. While checking the logs I could see traffic was getting accepted in the VPN rule but it was not getting encrypted. Previous logs show that it was working fine until that day. At the time of the issue, the traffic was being accepted in the same rule as a normal connection but was not getting identified as VPN traffic. The tunnels were up and running. I could see SAs established in both Phase 1 and Phase 2. Routing was also the same. With no options left, I thought of installing the policy once before thinking about resetting the tunnel. When I installed the policy it started getting encrypted and issue was resolved. Any idea what the issue could have been ? 

Also adding to the below incident, yesterday I had a similar issue for the same gateway. Except this time it was not the route based VPN but it was the mobile access blade. I could see that users were able to connect through VPN and office mode IP was getting assigned to them. But their traffic once they are connected to VPN was failing. The incoming traffic was getting decrypted, but it was dropped because the MAB policy recognised it as unauthorized. Curious again, I installed the policy to see whether it was just like the route based VPN issue and as expected it started working again once the policy was installed. I suspect something is going on with my gateway. This gateway is a HP proliant gen 8 open server. Please help me on identifying what the problem could be.

Thanks

Deepu