1530, centrally managed, R81.10.05.
The Spark is behind a local router with a fixed public IP and is centrally managed by an SMS in another country behind a Quantum cluster. The Spark has a private IP as the External interface and all NAT has been configured.
A VPN to that cluster had worked for a long time until the central site moved to a new public IP range.
The connection to the SMS has been reinitialised on the Spark to get the new management IP and even SIC has been reset; policy installation works and the timestamps match. However, the Spark doesn't seem to send logs anymore and I still see ICA_Services to the old public IP.
A VPN that was done to the central site doesn't work anymore. The central site shows the VPN as up but the Spark has only Phase 1 with No Outbound SA for Phase 2.
I've started a TAC SR but wondered if there was any experience that could be shared here short of factory defaulting the box. 🙂
Long story short, for the Quantum: Key install successful, methods Group 19, certificates, PFS and the like. Now on the Spark: IKE Error but the traffic arrives on the system.