As below, a message about BAD SPI error from kb.juniper.net :
The local security device received a packet with an incorrect security parameters index (SPI) number through the IPSec tunnel with the specified ID number (in hexadecimal notation) arriving at the specified interface. The message indicates the source and destination IP addresses of the outer packet header and the packet length (in bytes). The packet was either formatted for the Encapsulating Security Payload (ESP) or Authentication Header (AH) protocol, and had the specified SPI number and the sequence number—both in hexadecimal notation. The security device dropped the packet, and if it found a valid VPN configuration for the source IP address and Initial Contact notification was enabled, it also sent an Initial Contact Notify message to that address.
Don't understand the description in the red, why the device droppded the packet ?
#vpn