Up until recently, our C2S VPN was working fine in both legacy and IKE
mode. Then, a couple of weeks ago, IKE seems to have stopped working for
C2S (S2S is fine). Authenication is fine - VPN client (BM3xVPN5)
connects normally, and everything looks fine, policies showing correctly
etc. However, I can't ping/talk to anything on the private network. "IP
encrypted packets" isn't ticking up, whilst "unencrypted packets" is.
IKE.LOG shows (public IP addresses obscured):

9-8-2004 10:10:04 am Start IPSEC SA 58AE7360 - Initiator****totSA=2
9-8-2004 10:10:04 am src from IPsec
9-8-2004 10:10:04 am 10020000 D9211AA2
9-8-2004 10:10:04 am dst from IPsec
9-8-2004 10:10:04 am 100201F4 50B13EE3
9-8-2004 10:10:04 am *Sending proxy ID type 4 192.168.0.0/255.255.255.0
9-8-2004 10:10:04 am *Sending proxy ID type 1 192.168.99.1
9-8-2004 10:10:04 am ***Send Quick Mode message to 80.xxx.yyy.227
9-8-2004 10:10:04 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=4F1EAE55,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:08 am ***Send Quick Mode message to 80.xxx.yyy.227
9-8-2004 10:10:08 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=4F1EAE55,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:08 am ***Send Quick Mode message to 80.xxx.yyy.227
9-8-2004 10:10:08 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=3537D7C2,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:15 am ***Send Quick Mode message to 80.xxx.yyy.227
9-8-2004 10:10:15 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=4F1EAE55,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:19 am ***Receive Acknowledge Informational message from
80.xxx.yyy.227
9-8-2004 10:10:19 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=4B1EE747,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:19 am recieved isakmp sa delete msg from 80.xxx.yyy.227
cookies are 165B84B423845856 : 64B2FB3472BCEE51
9-8-2004 10:10:19 am ***Send Acknowledge Informational message to
80.xxx.yyy.227
9-8-2004 10:10:19 am
I-COOKIE=165B84B423845856,R-COOKIE=64B2FB3472BCEE51,MsgID=4B1EE747,1stPL=HASH-PAYLOAD,state=1488655036
9-8-2004 10:10:20 am Start IPSEC SA 58AE76C0 - Initiator****totSA=3
9-8-2004 10:10:20 am src from IPsec
9-8-2004 10:10:20 am 10020000 D9211AA2
9-8-2004 10:10:20 am dst from IPsec
9-8-2004 10:10:20 am 100201F4 50B13EE3
9-8-2004 10:10:20 am Start IKE-SA 55107540 -
Initiator,src=217.aaa.bbb.162,dst=80.xxx.yyy.227,T otSA=3
9-8-2004 10:10:20 am ***Send Main Mode message to 80.xxx.yyy.227
9-8-2004 10:10:20 am
I-COOKIE=6CD1A8E264627879,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=1488654924
9-8-2004 10:10:23 am IKEQMTimeoutHandler: Packet retransmit exceeded the
limit! the SA will be deleted
9-8-2004 10:10:24 am ESP-SA is deleted :algorID=esp
3des,mySPI=5E1A090F,peerSPI=90352A3D,time=262581,d st=80.xxx.yyy.227
9-8-2004 10:10:24 am The client 192.168.99.1 removed from vpninf

Can anyone help?

TIA

Kenny