We got an S2S tunnel between a branch and a central firewall, both running R81.10 HFA Take 66 and managed by the same SMS.
Log traffic goes over the tunnel (we did update the masters file and followed sk104582). All was working fine until we built a new log server (with a new IP address) replacing the old one.
We could see the SYN packet (on port 257) reaching the log server over the tunnel, where it replies back with a SYN-ACK, which is then dropped on the central gateway with the below error:
@;4054131556;[kern];[tid_8];[SIM-241142620];vpn_verify: mspi check failed (cdir=0; conn_mspis:00000000,00000000; packet_mspi:0080000e), c2s conn: <10.131.2.1,38702,10.104.20.6,257,6>;
Any clues? Resetting the tunnel didn't make any difference.
A ticket was raised, but we've been kicked around for some time now.