I have a VPN S2S setup between 2 NW 6.5 sp6, BM 3.8 SP 5 servers. I have
set this up as Master to Master VPN in seperate trees. I have patched
according to Craig Johnson's patch list and have run tuneup.ncf and am
using Craig's proxy.cfg. BM server #1 has another Master to Master VPN
connection to a third BM server. This connection appears to be rock solid
as the VPN will always reconnect after a server bounce, or after a
vpnstop/vpnstart. Between BM #1 and BM #2, the situation is much more
unstable. BM #2 will periodically drop the connection. In the Audit Log I
see "(ESP) Inbound SA is not found, SPI=7E3D1C52, src=BM#1IPAddress,
The activity screen shows, in the IP status column, "The encryption tunnel
is in the process of being established".
I have not found many references to the "Inbound SA" message, but I
suspect it may be a certificate problem.
Any ideas?