I have a remote site, the DMVPN router is behind ASA firewall with dedicated Public IP. No NAT is involved.
The firewall rule allows inbound GRE, ESP and AH.
The VPN connection drops a few times a day which really impacting the business.
The router log shows:
CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr.....
Is there anything I should pay attention to, i.e. addtional firewall rules?