Hello everybody,

I confirm this behavior on version 80.30 taka 191.
The VPN solution is very unstable.

For stability, I clean all IKE+IPSEC via 'vpn tu' every week.

I am facing the same issue.

Any solution on this? Already opened a support case, but they don't seem to know what to do...

I found and removed all the host objects which had IP address used in the gateway object. This stabilized the VPN.

I have exactly the same problem with one VPN location.

We have 2 other VPN locations what operates without  any issues.
We moved to R80.40 and since then we have the problem with one site-to-site VPN.
The VPN tunnel diconnects from our main site but the SMB (1450) holds still the VPN.
So the VPN isn't coming back until I remove the tunnel from the SMB (vpn tu).

What for host objects did you delete?
Host object with the public IP address or object with internal ip addresses?

Hi,

Public IP address.

I think your case is different. Have you tried turning on "Permanent Tunnels"?

Hi,
yes, yesterday I changed it back to a permanent tunnel and today I the problem is worse than the other days.
VPN tunnel disconnected 4 times now.
It came back aftet deleting the SAs from the SMB (vpn tu).

"Packet is dropped because an IPsec SA associated with the SPI on the received IPsec packet could not be found"

"Unknown SPI: 0x627e7f34 for UDP encapsulated IPsec packet."

I opend a ticket some weeks ago but they couldn't help.
Nothing in ike and vpn logs what could explain the problem.

Maybe it's time for the solution?
The problem was the firmware of our 6000 check point in our headquarter.

Some weeks after my post here check point released a new firmware with a LOT bugfixes regarding ipsec.
Since then the problems are gone.

@Lars_S_ you are answering a thread which is two years old. What are you trying to say?

Tell us please - what version did you go to that fixed the issue? And what was it on before if possible?

Command line: "fw ver" and "show version all"