Have a PIX501 on 6.3(5) connecting to a PIX515 also on 6.3(5). Have 20 others in the exact same configuration (connecting to the same PIX515). Yesterday the PIX501 stopped sending traffic over the tunnel. I'm pulling my hair out.
The tunnel comes up fine, no errors from debug output. ACL counters increment as expected when passing interesting traffic.
On both ends, when I check the output of "show ipsec sa" I see the "pkts encaps" counters going up, but both ends always show 0 for "pkts decaps", suggesting neither end thinks it's getting valid ipsec traffic from the other.
My config has not changed; this tunnel had been working for several weeks without issue. I have tried pointing the PIX501 to a new PIX515 running 7.0 software on the other end (I have a spare I set up), exact same issue. The tunnel comes up as soon as interesting traffic passes, both sides' ACL counters go up, but neither end shows any packets decapsulated.
I have turned on packet capturing and verified that packets using UDP port 500 are in fact making their way to both PIXes, but they don't recognize it for some reason.
I have verified the outgoing/incoming SPIs match on either end in the "show ipsec sa" output.
Any suggestions on debugging to try? I'm half tempted to just ship a new unit out there.