This is a strange one, and unfortunately I cannot find any literature in either the TAC Case collections or support documentation.
I am running a GDOI VPN. It has been humming along nicely, until the following started appearing in the group member logs (group members are 1801s):
%GDOI-3-GM_NO_IPSEC_FLOWS : IPSec FLOW limit possibly reached
Once this started happening, the encryption (or rather the ability to decrypt) between group members simply stopped with the next change of keys.
All group members are still active participants in the GDOI VPN; they just can't encrypt or decrypt targeted traffic successfully (so they are registered with the keyserver, and have the current service policy, etc.).
The only way to get the group member to properly participate in the mesh again is to reload it, which isn't the ideal fix, obviously.
Anyone with ideas?
I am guessing it revolves around this:
%GDOI-3-GM_NO_IPSEC_FLOWS : IPSec FLOW limit possibly reached