
Site to Site IPSEC tunnel between routers does not pass traffic

LogicalTRC TRC
Level 1

I have around 50 VPN tunnels (hub and spoke) and three of them fail to pass traffic. Here is the IPSEC debug from the hub router at 172.18.251.5. The spoke is at 172.18.13.1.

 

Sep 15 22:26:30.200: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
Sep 15 22:26:30.200: IPSEC: Expand action denied, notify RP
Sep 15 22:26:36.338: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Sep 15 22:26:36.338: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Sep 15 22:26:36.338: IPSEC(key_engine_delete_sas): delete SA with spi 0x7F14EC1E proto 50 for 172.18.13.1
Sep 15 22:26:36.338: IPSEC(update_current_outbound_sa): updated peer 172.18.13.1 current outbound sa to SPI 7F14EC1E
Sep 15 22:26:36.338: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 172.18.251.5, sa_proto= 50, 
    sa_spi= 0x128308AD(310577325), 
    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 5427
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 172.18.251.5:0, remote= 172.18.13.1:0,
    local_proxy= 10.1.2.0/255.255.255.0/256/0,
    remote_proxy= 10.13.2.0/255.255.255.0/256/0
Sep 15 22:26:36.338: IPSEC(update_current_outbound_sa): updated peer 172.18.13.1 current outbound sa to SPI 7F14EC1E
Sep 15 22:26:36.338: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 172.18.13.1, sa_proto= 50, 
    sa_spi= 0x7F14EC1E(2132077598), 
    sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 5428
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 172.18.251.5:0, remote= 172.18.13.1:0,
    local_proxy= 10.1.2.0/255.255.255.0/256/0,
    remote_proxy= 10.13.2.0/255.255.255.0/256/0

 
