Local VPN client diagram showing no traffic flow: I would like to enable DPD on the other side but I cannot due to change control and also because the client is saying it's working on all the other sites exactly configuration the same. But I have tried every single combination of DPD on this side without avail. Looking at Fortigate's knowledgebase it appears SPIs don't agree and DPD would make a difference. We've had many chats to the client about this but they have many more international IPsec VPNs and only our MikroTik configuration is failing. At one stage I had a theory that if the tunnel is initiated from their side it works, but fiddling with "Send Initial Contact" has not made any difference. We tried various things over time, such as rebooting, setting clocks, dabbling with configuration, rechecking and rechecking configuration but it appears the problem is entirely random. Phase 1 and 2 are always established but traffic always refuses to flow from the remote side to us. It appears data from the remote side to us is not always flowing. x.x.186.50 is the client's remote Fortigate IPsec server, and x.x.7.73 is a MikroTik based IPsec endpoint. On the diagram Installed SAs tab you will notice a source IP address x.x.186.50 trying to communicate with x.x.7.3 but 0 current bytes. In order to demonstrate the symptoms of the problem I have attached a diagram. Every now and again, possibly once a week, sometimes once a month, data just stops flowing from the remote Fortigate VPN server to the local MikroTik IPsec VPN client. We have a client with 6 sites using IPsec.