Hi Community,

I wanted to ask about common troubleshooting approaches for IPSec VPN tunnels when they fail or start flapping during WAN link failover.

• What are the first things you usually check (crypto, DPD timers, NAT-T, routing)?
• Any interesting cases where the issue turned out to be something unexpected?
• Are there Cisco design guides that you recommend for stabilizing IPSec after ISP changes?

Appreciate your thoughts and shared experiences!