I've got a strange, lingering issue. Our R77.30 Gateway has quite a few IPSec Site-to-Site VPN tunnels terminating on it, and a few of them are on AWS. I've played with the settings in the IPSec community and encryption on several of them and still experience the same behavior.
1. The tunnel can be up, operating normally, passing traffic at an acceptable rate.
2. After I install policy to the gateway, *sometimes*, traffic will no longer traverse the tunnel.
2a. This is random - I would say 10% of the time, it will happen.
2b. Pushing policy again fixes it.
Disclaimer - I set up the VPN like I've always done with other sites (external site using ASA, Palo, etc.) - using an interoperable device/PSK/IPSec Community. I just recently found this sk:
Could not using VTIs be my issue? I'll be honest, I'm not familiar with VTIs, MSS clamping, or dead peer detection.