Check Point failed to hash VPN traffic


We could not find any SK for this particular failure reason. We had an issue with the following encryption error: failed to enforce VPN policy (10). What is more, all other VPN tunnels continued functioning perfectly.


No IKE packets were sent to the PEER side at all, and we could not find the real reason in the IKE.elg and IKEv2.XML debug files, in which the PEER public IP did not appear at all. We just had a situation on our CP R80.40 firewall cluster, which suddenly stopped encrypting interesting traffic to the most important S2S VPN tunnel (without any change in configuration). FW VPN policy rules just were not enforced when packets arrived at the fw kernel, with defined source subnets to destination peer subnets as in the VPN rule.
