I have an ASA in our central office and an ASA in our branch office. We run an IPsec site-to-site VPN that works fine. Yesterday it just stopped (in the branch office); investigations suggested that the tunnel was up but no packets were being encrypted or decrypted (sho crypto ipsec sa). I then did a debug crypto ipsec 2 and got the following message:
IPSEC WARNING: inbound SA deletion retry, SPI: 0xA2280726, user: 184.108.40.206, peer: 220.127.116.11
IPSEC WARNING: outbound SA deletion retry, SPI: 0xD2820A4C, user: 18.104.22.168, peer: 22.214.171.124
(not our real IPs)
It was here that we noticed that the SPIs in the sho crypto ipsec sa didn't match the SPIs coming from the central office. I tried clearing the crypto ipsec sa, but that didn't work, so I rebooted the FW. When it came back up it started working again, and the SPIs matched.
The problem is it happened again 15 hours later.
Can anyone tell me what the SPI is and why it might not match with the central office?