On 02/10/2016 10:10 PM, John Cenile wrote: > I do notice a lot of these errors in the secure log though, would this be > any indication of a problem? (I'm grepping for this specific error, they're > not the only messages in there). > > Feb 11 14:18:10 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA > payload: PROTO_IPSEC_ESP SA(0x01f90e1d) not found (maybe expired) I think they indicate that both sides are restarting the tunnel, and that site-b is sending a "delete" command as it restarts the tunnel, while site-a has already removed the tunnel. But that doesn't tell us anything about why they're doing that. Control debugging from both sides *should* make that clear, but you'll have to either make sense of the complete logs or share them.