After several checks, I finally solved my issue.
A first VPN tunnel (VPN_site1) was set up with Any/Any Phase 2 subnets (local and remote).
The second tunnel (VPN_site2) was set up at first with the same fully permissive Phase 2 and then adjusted to the appropriate local and remote subnets.
The reply UDP 5060 traffic was going through the first Phase 2 (VPN_site2).
I changed the Phase 2 of VPN_site1 to only the ones concerned, then reset all sessions coming from the remote subnet of VPN_site2 --> BINGO!!!
Actions:
diagnose sys session filter clear --> to clear any filter applied
diagnose sys session filter src 192.168.X.X --> add a filter for my SIP session only
diagnose sys session list --> check that the filter is applied
diagnose sys session clear --> clear the session so as to re-establish traffic on the good tunnel
Then I checked my flows:
diag debug reset --> to reset any current traffic debug
diag debug flow filter add 192.168.X.X
diag debug flow show console enable
diag debug flow trace start 100
diag debug enable
!!!! Do not forget to disable debug !!!!
diag debug disable (or di de di)
So in my case, the "No matching IPsec selector, drop" was due to the fact that not only was the traffic going through the bad tunnel VPN policy, but also because this tunnel VPN was down. Hope this helps anyone! PHI.
post edited by Phinestra200 - 2018/05/16 06:25:51
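
Added example, not part of the original post: a small offline audit that flags Phase 2 selectors on different tunnels that cover the same traffic, which is the condition the post describes (an Any/Any selector on VPN_site1 shadowing the specific one on VPN_site2). The tunnel names come from the post; the subnets, the PHASE2 list layout and the function names are assumptions made up for illustration, and the script does not model how the firewall itself picks a tunnel.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: tunnel names are from the post, subnets are
# invented (the post masks its addresses as 192.168.X.X).
PHASE2 = [
    {"tunnel": "VPN_site1", "local": "0.0.0.0/0", "remote": "0.0.0.0/0"},
    {"tunnel": "VPN_site2", "local": "10.10.0.0/24", "remote": "192.168.50.0/24"},
]


def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def is_any_any(sel):
    """True when both selectors are the full address space (0.0.0.0/0)."""
    return _net(sel["local"]).prefixlen == 0 and _net(sel["remote"]).prefixlen == 0


def overlapping_pairs(selectors):
    """Pairs of Phase 2 entries on different tunnels whose local AND remote
    subnets both overlap, i.e. at least one flow fits both selectors."""
    hits = []
    for a, b in combinations(selectors, 2):
        if a["tunnel"] == b["tunnel"]:
            continue
        if (_net(a["local"]).overlaps(_net(b["local"]))
                and _net(a["remote"]).overlaps(_net(b["remote"]))):
            hits.append((a["tunnel"], b["tunnel"]))
    return hits


def tunnels_matching(selectors, src, dst):
    """Tunnels whose selector covers a flow from local src to remote dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [x["tunnel"] for x in selectors
            if s in _net(x["local"]) and d in _net(x["remote"])]


if __name__ == "__main__":
    for sel in PHASE2:
        if is_any_any(sel):
            print(f"{sel['tunnel']}: any/any Phase 2 selector")
    for a, b in overlapping_pairs(PHASE2):
        print(f"overlap: {a} <-> {b}")
    print(tunnels_matching(PHASE2, "10.10.0.20", "192.168.50.10"))
```

Feeding it the selectors exported from a real configuration shows which tunnels need their Phase 2 narrowed before sessions are cleared and re-established.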