Upon troubleshooting a VPN tunnel that was not being established, I came across the following error:
"Packet is dropped because an IPSEC SA associated with the SPI on the received IPSEC packet could not be found."
While led me to sk19423:
Since the affected gateway is indeed a cluster member I would like to ensure that the synchronization network works properly to see if the scenario above applies.
My question is therefore, is there another way of checking the sync network other than running the following commands:
cphaprob -a if
cphaprob syncstat
fw ctl pstat
Might be worth noting that the gateway in question also happens to be a virtual instance.
Many thanks in advance.